Nigel Harper, 02 July 2009
The European Commission should make sure that outsourcing providers who process personal data are bound by consistent rules irrespective of whether they are based inside or outside the EU, data protection watchdogs have said.The European Union's Article 29 Working Party, which consists of the privacy regulators from the 27 EU nations, have published an opinion on an as-yet unpublished European Commission policy change on the transfer of personal data outside the European Economic Area (EEA).
It said that the Commission needs to adopt a more consistent approach in its policy governing processors.
Companies that handle personal data are required by the EU's Data Protection Directive to make sure that any outsourcing providers they use give adequate protection and security for that data, even if those providers are outside the EU and so not directly bound by the Directive.
Source: Out-Law.com
