As markets become more global, data protection awareness and compliance in transborder data flows is becoming increasingly important. There are important issues for companies wishing to send personal data to countries outside the European Economic Area (EEA). This paper considers in detail the Eighth Principle under the Data Protection Act 1998 (the Act) and the ways in which compliance with its requirements may be achieved.
Most organisations that conduct their business online will collect data relating to individuals at some stage during their operations, whether in relation to customers, target clients, or even their own employees. Personal data can be collected on websites by a variety of means: registration pages, requests for details when goods or services are ordered, competitions and surveys, or by the use of various tracking devices such as cookies. Whenever personal data is collected, the organisation responsible for the use of such data (known as the ‘data controller’) will need to comply with various legal requirements, and may be advised to follow certain good practice guidelines, all of which are designed to protect the privacy of the individual whose data is being collected. (more…)