With the development of the Internet, data travels more and more easily and quickly between companies or between groups. In addition, international transfers of customer-prospect files are constantly increasing. This is why it was necessary to establish an identical level of protection for personal data. How do international transfers of customer-prospect files work? Can I transfer my leads to any foreign server? What are the risks in this area? Transfers of customer-prospect files in Europe Since 1995, the European Union has done everything to Honduras Email List facilitate the circulation of personal data on its territory while ensuring respect for the rights of its citizens.

In fact, Directive 95/46 / EC states in this regard that “in order to eliminate obstacles to the movement of personal data, the level of protection of the rights and freedoms of individuals with regard to the processing of such data must be equivalent in all Member States’. This is the very purpose of this standard. Since then, all member states, as well as states party to the Economic and European Area (Norway, Iceland and Lichtenstein), can transfer personal data between themselves. Thus, the transposition of this standard for the member states (or accession for the states party to the EEA), is the sine qua none condition for carrying out an international transfer of personal data.

However, these data also transit to states outside the European Union and not part of the EEA

What about international file transfers outside the European Union? In fact, more and more data is exported to third countries. This is explained, in particular, by the increasing outsourcing of certain services (such as customer hotlines for example) to states where labor is less expensive. The increasingly frequent use of foreign servers (cloud computing) also explains the export of data outside the European Union. It is therefore necessary to establish a sufficient protection framework for these international transfers of customer-prospect files … The need for “adequate protection” The 1995 directive recognizes the possibility for states to transfer personal data to third states. However, certain conditions must be observed.

Indeed, Article 25 of the Directive states that “Member States shall provide that the transfer to a third country of personal data which is the subject of processing, or intended to be the subject of processing after their transfer (…) ”can only take place if“ the third country in question ensures an adequate level of protection ”. In this regard, the National Commission for Informatics and Freedoms has listed the states that meet this condition via an interactive map . But, what is an “adequate level of protection”?transfer-international-files-customers-prospects The sufficiency of this level of protection is assessed according to a set of indices.

Indeed, it will be necessary to take into account the legislation of the State

In the matter, “of the security measures which are applied there, of the specific characteristics of the treatment (…) as well as the nature, the origin and the destination of the processed data. “. Article 68 of the Data Protection Act specifies that the expression “sufficient level of protection” corresponds to the protection of the privacy and fundamental rights of individuals. It is the European Commission which will ensure that the state concerned has a sufficiently high level of protection. If this is the case, it will render an “adequacy” decision, which it will send to the competent authority of the state concerned (the CNIL for France). To date, Andorra, Argentina, Australia, Switzerland, Uruguay and Israel have already been the subject of such a decision.

Therefore, before proceeding with a transfer you will have to make sure that the recipient state fulfills this condition! The American example To be certain that a state offers human rights protection “substantially equivalent” to that guaranteed by the European Union, the European Commission must look at the applicable legal framework. Following an agreement with the European Commission in 2000, American companies enjoyed what was called the “Safe Harbor”. This was a set of provisions governing the protection of personal data, to which American companies could freely adhere in order to receive such data from the European Union. Safe Harbor was then a sufficient level of protection for European data to transit to the United States.

Leave a Reply

Your email address will not be published.