Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

Personnel Today

Register
Log in
Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+

Personnel Today

International data protection

by Personnel Today 25 Nov 2003
by Personnel Today 25 Nov 2003

If you outsource a function to the other side of the world to a country such
as India, or if you do business abroad, you may have to export UK data
containing details about customers or employees.

Exporting such data within the European Economic Area (EEA) is not an issue.
But the eighth data protection principle of the Data Protection Act states that
personal data will not be transferred to a country outside the EEA – unless
that country ensures an adequate level of protection for an individual’s rights
when processing the data. This covers member states plus Norway, Iceland and
Liechtenstein.

Other countries have been recognised as adequately protecting data: Hungary,
Switzerland, Argentina and, in relation to private companies covered by federal
law, Canada. US companies can safely be sent personal data as long as they have
signed up to something called the voluntary Safe Harbor Agreement. Note that
India is not yet recognised as a country adequately protecting data.

So what do organisations need to do if a country is not accepted as ‘safe’
by the European Commission? As only ‘personal data’ is affected, your first
step is to investigate anonymising the data if you want to send it to such a
country. If that is impossible, you have another two options:

– Option 1: Adequacy test

Your organisation must assess the risks of sending personal data to an
intended recipient. Relevant factors include whether the country has adopted
any data protection standards, and whether your organisation has an ongoing
commercial relationship with the recipient of the data.

If the assessment shows a low risk of the data being misused under the
interpretation of the Data Protection Act, your organisation can proceed with
exporting it. If it shows a medium or high risk, your organisation would have
to notify the individuals on your data list of the outcome of your risk
assessment, and your organisation would have to obtain their individual consent
to exporting the data. Blanket consent may not be acceptable.

The logistics for an organisation trying to export personal data about a
large customer database or workforce are awesome .

– Option 2: Model contract clause

The EC has authorised the export of data outside the EEA if the sender and
recipient have signed up to certain prescribed clauses in the contract between
them. These are unwieldy. A more user-friendly version has been devised by
business group representatives, but has not yet been ratified by the EC.

Sign up to our weekly round-up of HR news and guidance

Receive the Personnel Today Direct e-newsletter every Wednesday

OptOut
This field is for validation purposes and should be left unchanged.

The EC is also currently working on a binding corporate code of conduct for
exporting personal data between group companies. If yours is such a company
wanting to export personal data between groups outside the UK, note that you
will have to draw up a code that must be approved by the local information
commissioner.

By Jill Kelly, Clarks employment team, Reading

Personnel Today

Personnel Today articles are written by an expert team of award-winning journalists who have been covering HR and L&D for many years. Some of our content is attributed to "Personnel Today" for a number of reasons, including: when numerous authors are associated with writing or editing a piece; or when the author is unknown (particularly for older articles).

previous post
Union publishes guide to race equality at work
next post
UK managers suffocated by meetings madness

You may also like

Dallas Cowboy Cheerleaders receive 400% pay rise

4 Jul 2025

FCA to extend misconduct rules beyond banks

2 Jul 2025

‘Decisive action’ needed to boost workers’ pensions

2 Jul 2025

Business leaders’ drop in confidence impacts headcount

2 Jul 2025

Why we need to rethink soft skills in...

1 Jul 2025

Five misconceptions about hiring refugees

20 Jun 2025

Forward features list 2025 – submitting content to...

23 Nov 2024

Features list 2021 – submitting content to Personnel...

1 Sep 2020

Large firms have no plans to bring all...

26 Aug 2020

A typical work-from-home lunch: crisps

24 Aug 2020

  • Empowering working parents and productivity during the summer holidays SPONSORED | Businesses play a...Read more
  • AI is here. Your workforce should be ready. SPONSORED | From content creation...Read more

Personnel Today Jobs
 

Search Jobs

PERSONNEL TODAY

About us
Contact us
Browse all HR topics
Email newsletters
Content feeds
Cookies policy
Privacy policy
Terms and conditions

JOBS

Personnel Today Jobs
Post a job
Why advertise with us?

EVENTS & PRODUCTS

The Personnel Today Awards
The RAD Awards
Employee Benefits
Forum for Expatriate Management
OHW+
Whatmedia

ADVERTISING & PR

Advertising opportunities
Features list 2025

  • Facebook
  • Twitter
  • Instagram
  • Linkedin


© 2011 - 2025 DVV Media International Ltd

Personnel Today
  • Home
    • All PT content
  • Email sign-up
  • Topics
    • HR Practice
    • Employee relations
    • Learning & training
    • Pay & benefits
    • Wellbeing
    • Recruitment & retention
    • HR strategy
    • HR Tech
    • The HR profession
    • Global
    • All HR topics
  • Legal
    • Case law
    • Commentary
    • Flexible working
    • Legal timetable
    • Maternity & paternity
    • Shared parental leave
    • Redundancy
    • TUPE
    • Disciplinary and grievances
    • Employer’s guides
  • AWARDS
    • Personnel Today Awards
    • The RAD Awards
  • Jobs
    • Find a job
    • Jobs by email
    • Careers advice
    • Post a job
  • Brightmine
    • Learn more
    • Products
    • Free trial
    • Request a quote
  • Webinars
  • Advertise
  • OHW+