Hyatt Hotels has become just the fifth company operating in the UK to use a complex process that allows it to send personal data around the world without breaking EU rules. It has signed up to use Binding Corporate Rules (BCRs). The European Union's Data Protection Directive prevents companies sending personal data outside of …
Given all the hoops you apparently have to jump through to move data oversees, can someone explain how all those oversees call-centres work?
Is there some loophole that allows you to use thin-client style systems where the data all resides in the UK, but the operator is looking at it in India (or wherever)?
"Once you've been through the process, at least you have enjoy freedom to transfer data within a group,"
Who checks that compliance is maintained and that the procedures are not broken? Maybe it's a 'self regulation' thing, hahahah.
I was thinking exactly the same.
A quick look at the Data Protection Act tells me that personal data cannot be transferred outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data (the eighth principle) BUT Schedule 4 of the Act lists 9 cases where the eighth principle does not apply.
Presumably call-centres use one (or more) of the 9 cases under Schedule 4 to gain exemption.
- +Comment Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN
- Vid Google opens Inbox – email for those too stupid to use email
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?