Section: Data Protection
Has anyone sent data electronically to a company in the USA for data processing purposes (eg mailing, wealth screening) and, if so, how did you deal with data protection issues?
Since you are only sending data to the company for them to do something with, and not to retain,
then you are not making a disclosure to them. You are simply contracting them to work as a Data
Processor. You are not allowing them to become a Data Controller. So long as you are able to
show that you have a suitable contract in place, then I don't see why it's an issue.
To doubly resassure yourselves, you might want to make sure that the contract you have with them specifies that any legal action that you did need to take, if it all went horribly wrong, could be taken under UK or other EU law,
not in the U S of A. Having said that, if your company complies with the "Safe Harbor" situation should give you added confidence that
you have done your very best to comply with UK legislation.
You would not be the first to make this kind of overseas disclosure. It happens every time you use your credit
card outside the EU, and every time a bank or other institution sends its call centres overseas.