-
8 Adequacy Considerations
- 1. The nature of the personal data
- 2. The country of origin
- 3. Final destination
- 4. The purpose of processing
- 5. The law in the country
- 6. International obligation
- 7. Codes of Conduct in that country
- 8. Security measures in 3rd country
-
Safe Countries
- EU Countries - 27
- Others in the EEA - Norway, Iceland, Leichtenstein
- Canada, Argentina, Israel, Switzerland, Andorra, Guernsey, Isle of Man, Jersey
-
What is Safe Harbor?
- - US & EU reached agreement March 2000
- - Privacy code containing 7 principles
- Notice
- Choice
- Onward Transfer
- Security
- Data Integrity
- Access
- Enforcement
- - applies only to organisation in the US
- - enforced by FTC (Federal Trade Commission) or Dept of Transportation
- - UK companies should insist on it if they are to deal with US companies
- - a code of conduct not law
-
What are the Schedule 4 Conditions
- - consent of the data subject
- - performance of a contract
- - conclusion of a contract
- - substantial public interest
- - legal proceedings
- - vital interests of the data subject
- - public register
- - Commissioner's approval
-
What should you ask if considering Transborder Data Flows?
- - Is there going to be a transfer of personal data?
- - Inside the EU/EEA?
- - In a country with a Good Data Privacy practice?
- - Is there going to be further processing?
- - What do we know about Data Protection in the country?
|
|
