It depends.
The GDPR prohibits a controller from “processing” personal data unless one of six situations, or permissible purposes, applies. As the GDPR defines processing to include the “disclosure by transmission, dissemination or otherwise . . .” of personal data, prior to sharing personal data with a government agency, a controller should determine which, if any, permissible purpose applies. The following discusses those permissible purposes which controllers might consider when deciding whether to disclose information to a government agency:
Read more from David Zetoony of Bryan Cave Leighton Paisner on JDSupra.