Adrian Beney's FAQs

Beney.org.uk | FAQs

Note that all of these FAQs date from before the implementation of the Privacy and Electronic Communications (EU) Directive. They shold not be relied upon in 2015 or later. But they do provide a bit of interesting historic detail, and some of them are still up to date.


Section: Data Protection

Question
Has anyone sent data electronically to a company in the USA for data processing purposes (eg mailing, wealth screening) and, if so, how did you deal with data protection issues?

Answer
Since you are only sending data to the company for them to do something with, and not to retain, then you are not making a disclosure to them. You are simply contracting them to work as a Data Processor. You are not allowing them to become a Data Controller. So long as you are able to show that you have a suitable contract in place, then I don't see why it's an issue.

To doubly resassure yourselves, you might want to make sure that the contract you have with them specifies that any legal action that you did need to take, if it all went horribly wrong, could be taken under UK or other EU law, not in the U S of A. Having said that, if your company complies with the "Safe Harbor" situation should give you added confidence that you have done your very best to comply with UK legislation.

You would not be the first to make this kind of overseas disclosure. It happens every time you use your credit card outside the EU, and every time a bank or other institution sends its call centres overseas.

Back to FAQ index

Return to Adrian Beney's Homepage