Our data protection law prohibits the transfer of personal data outside of the EEA (the EEA comprises the EU member states plus Norway, Lichtenstein and Iceland).

Transfers to third countries (those outside the EEA) need further action to be taken to legitimise the transfer. The most simple route to legalise transfers is where the third country has obtained approval from the EU for its internal data protection framework, that is had a finding of "adequacy" in respect of its own internal data protection regime.

In October 2007 the EC approved Jersey and the Faroe Islands as offering an adequate level of protection for personal data lifting the restrictions for all transfers to those territories from within the EU.

To date Argentina, Canada, Guernsey, Isle of Man and Switzerland have been approved. To this list we can now add Jersey and the Faroe Islands.

Mandy Webster

Data Protection Consulting

Helping protect businesses from the damage caused by poor data handling.