Dear all,
Does anyone know of any guidance that exists about companies closing and
needing to sell their existing book of business to a new company? Has
anyone dealt with this situation before and could offer thoughts or things
to consider from a data protection perspective?
I've been looking into it and have come to the conclusion that in the
absence of appropriately worded fair processing notices, gaining customer
consent is the likely option to enable a compliant disclose of the personal
data to the new company (especially as there is potentially confidential
and sensitive personal data involved).
If consent it needed, we have a very large number of customers to contact.
What happens if some customers don’t give their consent or we can’t contact
all of them? How can we legitimise the disclosure of the information to a
new data controller?
Could we argue that if the new data controller takes on the existing book
of business and uses it for exactly the same purposes that we did (i.e.
administering policies), then simply informing customers of the change in
data controller would be sufficient?
I'd be grateful to hear your views.
Best wishes,
Emma
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|