While business use of offshore outsourcing has soared in recent years, the data protection issues surrounding the transfer of customer data to countries such as India and the Philippines has been left largely unresolved.
As a general principle, companies transferring personal data outside of the European Union are obliged to ensure that the receiver abides by EU data protection laws.
Until it introduced a set of new guidelines in December, the European Commission (EC) expected businesses to use a set of standard contract clauses. But these were heavily criticised for being overly complex, and they also included clauses, such as those relating to liability, which were distinctly off-putting to many businesses. The new set of clauses, originally developed by business group the International Chambers of Commerce, simplify the process greatly while still ensuring privacy is protected.
“This is a good example of regulating in cooperation with business. The business community has shown a serious commitment towards data protection and the Commission has carefully listened to business needs. That is good for EU citizens, whose privacy is better protected, and for our companies, whose competitiveness is reinforced,” says Commissioner Charlie McCreevy.
The new clauses allow businesses to ensure that any data transfer done withpartners meets the full require-ments of the EC data protection legislation.