Are there any restrictions on transferring personal data and how can these be overcome?
Cross-border data transfers affect all organizations that engage online IT services, cloud-based services, remote access services and global HR databases. Understanding the applications of lawful data transfer mechanisms is essential to validate recipients located in other nations. Data transfers typically include the following examples:
- personal data communicated over the telephone, by email, fax, letter, through a web tool or in person to another country;
- IT systems or data feeds which lead to personal data being stored on databases hosted outside the country;
- people/entities outside the country being able to access or "see" personal data held in the country; and
- the use of personal data by third parties through external solutions, e.g., outsourcing, offshoring and cloud computing.
The Prevention of Electronic Crimes Act 2016 (Act No. XL of 2016)(PECA) regulates cooperation with foreign agencies, organizations, and government “for the purposes of investigations or proceedings concerning offences related to information systems, electronic communication or data or for the collection of evidence in electronic form...”
If the Personal Data Protection Bill (Bill 2021) passes, there will be more specific requirements relating to the protection of personal data transferred internationally.