Pragmatic answer?
I'm assuming that the British Council has no special status as a UK
government body to operate outside the laws of a country in which it is
operating.
So you have to comply with Polish law just like anyone else in that
country. Add on to that the need to comply with any more stringent or
additional requirements of the UK legislation.
If you believe that the two jurisdictions contradict each other then
"ring fence" the Polish activities/data and comply with local
requirements.
Unless your in-house legal team feel like dabbling with EU directives or
the various HR principles, keep well away! Too abstract and vague for
any but lawyers or the truly enthusiastic to get involved with.
Just my twopennorth.
Regards
Jim
----------------------------------------------
Jim Whitaker
Head of Information Management and Internal Communications
British Educational Communications and Technology agency
Millburn Hill Road
Science Park Telephone 024 7679 7452
Coventry 024 7641 6994 (Ext 3341)
CV4 7JJ Fax 024 7684 7071
===================================================
> -----Original Message-----
> From: This list is for those interested in Data Protection issues
> [mailto:[log in to unmask]] On Behalf Of Antoinette Carter
> Sent: 30 November 2004 16:41
> To: [log in to unmask]
> Subject: Poland DPA
>
>
> I have been contacted by our office in Poland, who were one of the ten
> countries to join the EU this year. The Polish DPA appears
> to set much
> higher standards with regard to system user access/security than we do
> in the UK. For example, they insist that users' passwords are changed
> at least every 30 days. Our corporate policy is to apply the UK DPA
> globally unless local legislation is stronger, which appears to be the
> case here. But on reading the text of the Polish Act, Article 4 reads
> "The provisions of the Act shall apply, save where otherwise provided
> for by any international agreement to which the Republic of Poland is
> party." Would you construe from this that signing up to the
> EU is just
> such an international agreement, and that it is sufficient for us (as
> registered data controllers in the UK) to continue to apply the UK
> standards rather than the Polish. Any thoughts would be much
> appreciated....
>
> Antoinette Carter
> Data Protection Officer
> Tel: 0207 389 4970
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
http://www.jiscmail.ac.uk/help/commandref.htm
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|