Dear list members, some help please.
I'm working on a large European-wide project to consolidate our systems
storage outside of the EEA.
To fully understand the scope of the project and the legal requirements, we
have been reviewing each application's data to understand what is personal,
sensitive, employee related etc etc so we know what we need to do and in
addition, so that we can append to the SMCC, a list of data to be
transferred.
I'm being challenged on whether or not this is a requirement in order to
complete the agreement or whether we can simply list the categories of data.
I would appreciate any advice on best practice, or more importantly, any
written guidance on how to complete the template clauses and what should
be included.
If you have any other good advice on why we should know the specifics of
what we are dealing with then this would also be useful.
My fear is that we end up sending a lot of data, without really knowing what's
going over there, other than knowing the general categories. I think it is
important that we document an understanding of the data. I know the
Privacy by Design model suggests we should all be doing this (meta-data) but
we also know that in the real world, getting approval for the time to do this
will only happen if it is a legal requirement, not regulator advice on best
practice.
As this is a European project, if anyone knows of any other countries who
have more stringent requirements, then this would help me.
Thanks in advance,
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|