The subject of European Data Protection legislation is incredibly complex, but an important part of marketing in Europe. Although Europe aims to have consistant laws, the rules differ from one country to another, and can appear incredibly restrictive. Recently the Information Commissioner in the UK gave advice that may have relaxed the interpretation of the rules. The advice said that it was OK to process “sensitive data” (in this case about someone’s mental health) outside of the EEA providing that the European company controlled the processing of the data. Previously it had been thought that for this to happen.
Although there may be more flexibility in the rules relating to processing data in other countries, it should be remembered that in this case, the UK company needed to remain the “controller” of the data. Also don’t forget that at Napier we are not lawyers, so always take professional advice. Finally in true EU style, the Information Commissioner’s ruling is not legally binding, so this may all be overturned in the courts!