The organization should save information concerning personal data disclosures to third parties. The information should include what personal data has been disclosed, to whom and when.
The data in a data store are, in principle, only available to that controller and under the same responsibility. If you pass data on to another organization for other use, you must clearly inform about it and state e.g. the recipient of the transfer and the legal basis.