In a message dated 22/01/2002 19:47:58 GMT Standard Time,
[log in to unmask] writes:
<< If a data processor we use is outside the UK/EU et al, does it matter in
terms of transferring data to them as if they were based within the EU et
al. >>
-------------
Charles
Transfer of personal data to this processor could well be illegal if they are
outside the EEA, unless adequate contract terms exist.
The contract will need to address such issues as how the processing will
occur, who within your organisation can give/receive data, what security is
needed, what penalties will be imposed on staff who fail to comply with the
contract, what compensation payments will be made to the data subjects
affected by any breach, terminating the contract for serious or multiple
breaches, how long they can keep the data, details of destruction of the data
at the end of the contract, and so on.
I would imagine that someone (probably the DPO) from your organisation would
have to visit the processor's premises to check that the contract is being
adhered to. A nice trip to a warm country on expenses? Sounds rather nice.
See the OIC website for further details on acceptable contract terms.
Another way would be to get each and every data subject's informed consent,
spelling out to them the conditions under which your contractor processes the
data and what protection is in place (if any).
Ian Buckland
MD
Keep IT Legal Ltd
Please Note: The information contained in this document does not replace or
negate the need for proper legal advice and/or representation. It is
essential that you do not rely upon any advice given without contacting your
solicitor. If you need further explanation of any points raised please
contact Keep I.T. Legal Ltd at the address below:
55 Curbar Curve
Inkersall, Chesterfield
Derbyshire S43 3HP
(Reg 3822335)
Tel: 01246 473999
Fax: 01246 470742
E-mail: [log in to unmask]
Website: www.keepitlegal.co.uk
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|