Data Protection of IT Outsourcing in the European Union and European Economic Area Requirements Template
What is Data Protection of IT Outsourcing in the European Union and European Economic Area Requirements?

Basically all countries in the European Union (EU) and the European Economic Area (EEA) have enacted laws that restrict the collection, use, and dissemination of personal information. Although there might be discrepancies, each country’s data protection law follows the guidelines set forth in the EU Directive 95/46/EC on the Protection of Individuals with Regard to the Processing of Personal Data. These include the following:
Purpose limitation.
Data should be processed only for specific purpose(s) and only used or further communicated to the extent compatible with the specific purpose(s) disclosed to the data subject.
Data quality and proportionality.
Data should be accurate and, where necessary, kept up to date. The data should be adequate, relevant, and not excessive in relation to the specific purpose(s).
Transparency.
Individuals should be notified of the purpose(s) of the processing and the identity of the data controller, and other information as is necessary to ensure fairness.
Security.
The data controller/data processor should take technical and organizational security measures that are appropriate to the risks presented by the processing.
Rights of access, rectification, and opposition.
The data subject should have the right to obtain a copy of all information relating to him or her, and to rectify these data where they are shown to be inaccurate.
Restrictions on onward transfers.
Further transfers of data should be permitted only where the recipient is also subject to rules affording an “adequate level of protection.” There are exceptions to this restriction, including informed consent given by the data subject.







