Ask a Law Question, Get an Answer ASAP!
Thank you for your question and welcome. My name is ***** ***** I will assist you. I am data privacy expert. When considering GDPR it only applies to EU citizen and their personal. This would only be an issue in relation to GDPR - if you are processing personal data for EU citizens. Do you know what type of data you are handling?
Generally this clause requires you to restrict who can access the client data, keep a record of who has accessed it - and then remove it from your systems with 30 days. Can you comply with these requirements? Kind regards AJ
Thank you. ***** purpose - you need to make sure:
- The client has the lawful basis to process the data - in this case probably consent;
- As the data is being transferred to the UK - this non EU to non EU (following BREXIT) data transfer. So the responsibility to import the data to the US and back out again - is their responsibility.
Your risk as far as GDPR is concerned is probably low.
I would ad a clause in to say:
"To the extent that any PII is subject to GDPR - the client warrants that it has lawful basis to obtain and process the data in accordance with Article 6 of GDPR"
Kind regards AJ
Thank you. Could you kindly rate my response? If I can assist any further please do not hesitate to contact me. Kind regards AJ