In a message dated 13/12/2001 10:58:15 GMT Standard Time,
[log in to unmask] writes:
<< If a company were to a hire a "third party call centre" over in India or a
country outside of the EEA, what regulations would we have to adhere to, to
be compliant with the DPA regulations here? >>
--------
I would have thought the only way you could do it, assuming you didn't want
to seek the "unambiguous consent" of every data subject, is to have clauses
in a watertight contract that requires the company to adhere to the rules as
if they were in the UK.
The clauses would have to include "joint and several" liability on both
companies so that if anything did go wrong either or both companies could be
sued by the data subject.
The exemptions for contracts with or on behalf of the data subject would
probably only apply if it were strictly necessary that the call centre be
based in India (eg no similar call centres existed inside the EEA).
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|