TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

What Needs to be Done Prior to Shipping


Schedule 1 the data protection priciples


Part 1 of the principles


8 Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.


The eighth principle


13 An adequate level of protection is one which is adequate in all the circumstances of the case, having regard in particular to—

(a) the nature of the personal data,

(b) the country or territory of origin of the information contained in the data,

(c) the country or territory of final destination of that information,

(d) the purposes for which and period during which the data is intended to be processed,

(e) the law in force in the country or territory in question,

(f) the international obligations of that country or territory,

(g) any relevant codes of conduct or other rules which are enforceable in that country or territory (whether generally or by arrangement in particular cases), and

(h) any security measures taken in respect of the data in that country or territory.

14 The eighth principle does not apply to a transfer falling within any paragraph of Schedule 4, except in such circumstances and to such extent as the Secretary of State may by order provide.

15 (1) Where—

(a) in any proceedings under this Act any question arises as to whether the requirement of the eighth principle as to an adequate level of protection is met in relation to the transfer of any personal data to a country or territory outside the European Economic Area, and

(b) a Community finding has been made in relation to transfers of the kind in question, that question is to be determined in accordance with that finding.

(2) In sub-paragraph (1) “Community finding” means a finding of the European Commission, under the procedure provided for in Article 31(2) of the Data Protection Directive, that a country or territory outside the European Economic Area does, or does not, ensure an adequate level of protection within the meaning of Article 25(2) of the Directive.


Schedule 4


Cases where the eighth principle does not Apply


1 The data subject has given his consent to the transfer.

2 The transfer is necessary—

(a) for the performance of a contract between the data subject and the data controller, or

(b) for the taking of steps at the request of the data subject with a view to his entering into a contract with the data controller.

3 The transfer is necessary—

(a) for the conclusion of a contract between the data controller and a person other than the data subject which—

(i) is entered into at the request of the data subject, or

(ii) is in the interests of the data subject, or

(b) for the performance of such a contract.

4 (1) The transfer is necessary for reasons of substantial public interest.

(2) The Secretary of State may by order specify—

(a) circumstances in which a transfer is to be taken for the purposes of sub-paragraph (1) to be necessary for reasons of substantial public interest, and

(b) circumstances in which a transfer which is not required by or under an enactment is not to be taken for the purpose of sub-paragraph (1) to be necessary for reasons of substantial public interest.

5 The transfer—

(a) is necessary for the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings),

(b) is necessary for the purpose of obtaining legal advice, or

(c) is otherwise necessary for the purposes of establishing, exercising or defending legal rights.

6 The transfer is necessary in order to protect the vital interests of the data subject.

7 The transfer is of part of the personal data on a public register and any conditions subject to which the register is open to inspection are complied with by any person to whom the data is or may be disclosed after the transfer.

8 The transfer is made on terms which are of a kind approved by the Commissioner as ensuring adequate safeguards for the rights and freedoms of data subjects.

9 The transfer has been authorised by the Commissioner as being made in such a manner as to ensure adequate safeguards for the rights and freedoms of data subjects.


Please see Information Commissioner’s Office website for further details on the statute

© TRILANTIC - All rights reserved. | Disclaimer | Client Login