TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

What Needs to be Done Prior to Shipping


Data Protection (Amendment) Act 2003


12.—The following section is substituted for section 11 of the Principal Act:

‘‘11.—(1) The transfer of personal data to a country or territory outside the European Economic Area may not take place unless that country or territory ensures an adequate level of protection for the privacy and the fundamental rights and freedoms of data subjects in relation to the processing of personal data having regard to all the circumstances surrounding the transfer and, in particular, but without prejudice to the generality of the foregoing, to—

(a) the nature of the data,

(b) the purposes for which and the period during which the data is intended to be processed,

(c) the country or territory of origin of the information contained in the data,

(d) the country or territory of final destination of that information,

(e) the law in force in the country or territory referred to in paragraph (d),

(f) any relevant codes of conduct or other rules which are enforceable in that country or territory,

(g) any security measures taken in respect of the data in that country or territory, and

(h) the international obligations of that country or territory.

(2)

(a) Where in any proceedings under this Act a question arises—

(i) whether the adequate level of protection specified in subsection (1) of this section is ensured by a country or territory outside the European Economic Area to which personal data are to be transferred, and

(ii) a Community finding has been made in relation to transfers of the kind in question, the question shall be determined in accordance with that finding.

(b) In paragraph (a) of this subsection ‘Community finding’ means a finding of the European Commission made for the purposes of paragraph (4) or (6) of Article 25 of the Directive under the procedure provided for in Article 31(2) of the Directive in relation to whether the adequate level of protection specified in subsection (1) of this section is ensured by a country or territory outside the European Economic Area.

(3) The Commissioner shall inform the Commission and the supervisory authorities of the other Member States of any case where he or she considers that a country or territory outside the European Economic Area does not ensure the adequate level of protection referred to in subsection (1) of this section.


Please refer to the Data Protection Commissioner’s website for further details on the statute


© TRILANTIC - All rights reserved. | Disclaimer | Client Login