Globally Registered Data Controller..?

barman linen

Hi,

Just looking for some opinions. I am aware of the EU and Irish regulations regarding Data Controllers but am dealing with a company that claims to be a 'Globally Registered Data Controller' - can such a regisitration / certification exist when there are such disparate approaches to data protection obligations across the world ?

Peregrinus

I am pretty certain there is no global register of data controllers, and I suspect this claim is a bit of puffery. Ask the company you are dealing with who they have registered with, and for a copy of their entry in the register.

MadsL

Never heard of such a thing...(I'm a qualified Data Protection Practitioner)

MadsL

Are you sure they didn't say "globally compliant registered data controller"?

barman linen

MadsL wrote: »

Are you sure they didn't say "globally compliant registered data controller"?

They alternate between 'registered' and 'compliant'...I agree that it is bluster and if they cant represent themselves properly I cant really trust what else they may say and do with my data.

Thanks !

MadsL

barman linen wrote: »

They alternate between 'registered' and 'compliant'...I agree that it is bluster and if they cant represent themselves properly I cant really trust what else they may say and do with my data.

Thanks !

Are they payroll outsourcing by any chance?

barman linen

MadsL wrote: »

Are they payroll outsourcing by any chance?

Yes....is that a common assertion in that industry..?

MadsL

barman linen wrote: »

Yes....is that a common assertion in that industry..?

Can be, what country is the payroll outsourced to?

barman linen

MadsL wrote: »

Can be, what country is the payroll outsourced to?

Consolidation of multiple non EU payrolls

MadsL

barman linen wrote: »

Consolidation of multiple non EU payrolls

Into an Irish operation or elsewhere?

barman linen

MadsL wrote: »

Into an Irish operation or elsewhere?

EU Operation....

MadsL

barman linen wrote: »

EU Operation....

Well that gives some considerable protection as the data will be held in the EU and they will have to comply with the relevant EU DP law. Have you asked for details of how they secure the data (look for ISO 27001 certification if possible although this is not mandatory) and are they registered as a data processor with their countries Data Protection Commissioner?

Do you have a more specific concern?

barman linen

MadsL wrote: »

Well that gives some considerable protection as the data will be held in the EU and they will have to comply with the relevant EU DP law. Have you asked for details of how they secure the data (look for ISO 27001 certification if possible although this is not mandatory) and are they registered as a data processor with their countries Data Protection Commissioner?

Do you have a more specific concern?

They claim to have all of the above - my issue was that I did not believe that there is a single register for data protection across the world as the regimes are so varied.

I think you have confirmed that for me and we are proceeding on basis of EU rules....

MadsL

barman linen wrote: »

They claim to have all of the above - my issue was that I did not believe that there is a single register for data protection across the world as the regimes are so varied.

I think you have confirmed that for me and we are proceeding on basis of EU rules....

There isn't a global register. But you could register globally with all the data protections in which you do business.

I would check the following;

ISO 27001 certified and independent auditing of their security.
Registered Data Processor (possibly Controller) in the country in which they do business and the processing is carried out.
Check they are not off-shoring the processing to the Phillipines or something.
Ask if they have an Information Security officer and/or Data Protection Officer inhouse.
Ask if they have any other auditing regimen in place. ISO 9001 for instance.

PM me if you want an Irish compnay I recommend.