Hyatt Hotels has become just the fifth company operating in the UK to use a complex process that allows it to send personal data around the world without breaking EU rules. It has signed up to use Binding Corporate Rules (BCRs). The European Union's Data Protection Directive prevents companies sending personal data outside of …
Given all the hoops you apparently have to jump through to move data oversees, can someone explain how all those oversees call-centres work?
Is there some loophole that allows you to use thin-client style systems where the data all resides in the UK, but the operator is looking at it in India (or wherever)?
"Once you've been through the process, at least you have enjoy freedom to transfer data within a group,"
Who checks that compliance is maintained and that the procedures are not broken? Maybe it's a 'self regulation' thing, hahahah.
I was thinking exactly the same.
A quick look at the Data Protection Act tells me that personal data cannot be transferred outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data (the eighth principle) BUT Schedule 4 of the Act lists 9 cases where the eighth principle does not apply.
Presumably call-centres use one (or more) of the 9 cases under Schedule 4 to gain exemption.
- Xmas Round-up Ghosts of Christmas Past: Ten tech treats from yesteryear
- Analysis Microsoft's licence riddles give Linux and pals a free ride to virtual domination
- Review Hey Linux newbie: If you've never had a taste, try perfect Petra ... mmm, smells like Mint 16
- I KNOW how to SAVE Microsoft. Give Windows 8 away for FREE – analyst
- Special Report How Britain could have invented the iPhone: And how the Quangocracy cocked it up