If I have understood this thread correctly the query is a Subject
Access from outside the EEA and whether it is legal to meet the
request.
Schedule 4. 1 Says the 8th principle does not apply if the Data
Subject has given their consent to the transfer.
Thus an SAR from outside the EEA would be giving consent
(assuming the identity of the data subject has been verified) and
I do not see what the problem is in meeting the request.
If I have misunderstood the query then please ignore this!
John Hitches
John Hitches
Information Security Officer
and Data Protection Officer
Kingston University
Telephone 020 8547 7768
The views expressed are those of the individual and
not necessarily those of the university
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|