Whenever possible, it is good practice to research coded or completely anonymized data. In the event that identifiable information is requested by third parties or staff, it is important to ensure that any duty of trust is not breached. The terms of the initial consent should be reviewed to determine whether the proposed use is covered by third parties and, if not, authorization should be obtained if necessary. It should be noted that personal data should not be disclosed unless consent is available and the storage area is secure If a transfer agreement is executed separately from the main service agreement, interaction with the main agreement must be carefully considered. If provisions that would normally be included in a separate delegation contract are indeed included in the main agreement, the broader provisions of the main agreement should be taken into account. The eighth data protection principle (see list of the Data Protection Act) requires that personal data cannot be transmitted outside the European Economic Area (EU Member States as well as Iceland, Norway and Liechtenstein), unless the country or territory on which the data is to be transferred provides an adequate level of protection for personal data. One of the exceptions is that you have permission to do so. Therefore, it is important that you have specified in your participant information sheet and consent form that the data can be transmitted outside the UK or EEA. You should consider (especially if you are a controller) direct and indirect transfers (redirects) for both current and future transfers. A direct transfer is made when the recipient of the information with which the exporter issues a contract is established outside the EEA. An indirect transfer would take place if the beneficiary of the contract is based in the EEA, but hires other processors or subcontractors outside the EEA, including the group companies.
The terms of the transfer and personal data are contained in Appendix B. The parties agree that Schedule B may contain confidential business information that it does not share with third parties, unless required by law or in response to a competent regulatory or government authority or in accordance with Clause I. The parties may make additional annexes to cover the additional deferrals that will be submitted to the Authority if necessary. Appendix B may, in the alternative, be drafted to cover several transfers.
Categorised in: Uncategorized
This post was written by ammoore