Hyatt Hotels has become just the fifth company operating in the UK to use a complex process that allows it to send personal data around the world without breaking EU rules. It has signed up to use Binding Corporate Rules (BCRs). The European Union's Data Protection Directive prevents companies sending personal data outside of …
Given all the hoops you apparently have to jump through to move data oversees, can someone explain how all those oversees call-centres work?
Is there some loophole that allows you to use thin-client style systems where the data all resides in the UK, but the operator is looking at it in India (or wherever)?
"Once you've been through the process, at least you have enjoy freedom to transfer data within a group,"
Who checks that compliance is maintained and that the procedures are not broken? Maybe it's a 'self regulation' thing, hahahah.
I was thinking exactly the same.
A quick look at the Data Protection Act tells me that personal data cannot be transferred outside the EEA unless that country ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data (the eighth principle) BUT Schedule 4 of the Act lists 9 cases where the eighth principle does not apply.
Presumably call-centres use one (or more) of the 9 cases under Schedule 4 to gain exemption.