Most businesses in the UK process personal data even if just about their employees. Many need to be registered under the Data Protection Act 1998. Breach of the Act is a criminal offence.
The Information Commissioner is in charge of the data protection legislation and has issued a number of useful guidance notes on the legislation.Most recently, guidance has been updated on transferring personal data abroad. Not all our local clients know that there are restrictions on taking personal data outside the 25 EU countries such as to have it processed in India. It is possible to achieve this but strict rules, on which we can advise you, must be followed.
In addition, new guidance on outsourcing has been issued.“The [Data Protection] Act requires you to take appropriate technical and organisational measures to protect the personal information you process, whether you process it yourself or whether someone else does it for you," said an ICO statement. Outsourcing data processing to foreign suppliers does not absolve firms from protecting the data once it passes to a third party. In fact new guidance issued by the ICO seems to tighten up rules concerning a company's responsibilities to find an outsourcer who will safeguard the data. "The new guidance clarifies the old guidance which stated that in the case of a data controller to data processor transfer the 'data controller might reasonably conclude that adequacy exists without carrying out a detailed adequacy test'.”
If you need any help in this area call Stuart Nuttall on 02392 862 424.
0 comments:
Post a Comment