That disk may be in the US or China. According to Wesling, this can cause problems because the security of personal data is often not properly regulated in those countries. Therefore the transfer of personal data from Europe to foreign countries is allowed only if a country provides adequate security.
Many companies engage in outside partying for data processing. “Today, a company’s payroll or customer organization is often maintained with the help of an IT vendor. The company also knows who you are and how much you earn when you are sick. ‘
New rules
There have been new standard contract terms since last week from the European Commission for Companies processing personal data. ‘Those standard contract terms already existed, but are now being modernized,’ says Wesling. The previous standard rules refer to the old Privacy Order from 1995. This is strange because the public data protection regulation has been in effect since 2016. The new standard contract terms should provide additional clarity on what is allowed. ‘
You can find the terms online, but that is not enough. ‘Rules like these are a kind of kit in which you have to fill a lot. As a company, I would hire someone who specializes in this because it is so complicated. ‘
