Hyatt Hotels has become just the fifth company operating in the UK to use a complex process that allows it to send personal data around the world without breaking EU rules. It has signed up to use Binding Corporate Rules (BCRs). The European Union's Data Protection Directive prevents companies sending personal data outside of …
Given all the hoops you apparently have to jump through to move data oversees, can someone explain how all those oversees call-centres work?
Is there some loophole that allows you to use thin-client style systems where the data all resides in the UK, but the operator is looking at it in India (or wherever)?
"Once you've been through the process, at least you have enjoy freedom to transfer data within a group,"
Who checks that compliance is maintained and that the procedures are not broken? Maybe it's a 'self regulation' thing, hahahah.
I was thinking exactly the same.
A quick look at the Data Protection Act tells me that personal data cannot be transferred outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data (the eighth principle) BUT Schedule 4 of the Act lists 9 cases where the eighth principle does not apply.
Presumably call-centres use one (or more) of the 9 cases under Schedule 4 to gain exemption.
- +Analysis Microsoft: We're making ONE TRUE WINDOWS to rule us all
- Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
- Pics It's Google HQ - the British one: Reg man snaps covert shots INSIDE London offices
- White? Male? You work in tech? Let us guess ... Twitter? We KNEW it!
- The END of the FONDLESLAB KINGS? Apple and Samsung have reason to FEAR