Do the organisations you work for have any requirements to share data with 3rd parties, for whatever reason?
I am trying to establish who in your organisations keep track on any data sharing agreements with 3rd parties - and whether you keep a central list of all data sharing - or any risks you can share in not keeping tabs on data sharing agreements? i.e. no central oversight of data sharing agreements with 3rd parties - whats the risk?
albeit not a tech question with your jobs handling data I assume you may be the ones who have to get data ready for sharing with 3rd parties, hence may have some insight in this area.