The impact of Business Process Outsourcing on privacy and data protection: A thorough risk analysis

At present, a company - whether being a small/medium enterprise or a huge corporation - develops its activities within a competitive environment where solely the one with acute discernment can gain a profit and hold or improve its positions on the market. Therefore, firms increasingly buy all or (at least) parts of selected services they need from external service providers. This is especially true for services which rely to a great extent on new information and communication technologies, often being carried out by means of outsourcing. This book examines how a premature termination of a business process outsourcing (BPO) project might infringe upon several major provisions of the current EU data protection framework. Such a concern is relevant because of the technological means inherent in a BPO through which personal data are being processed, and of the great possibility for unlawful data processing after a premature termination of the project. Therefore, a BPO falls under the scope of regulation by Directive 95/46/EC of the European Parliament on the protection of individuals, with regard to the processing of personal data and on the free movement of such data. Ultimately, as the research shows, Directive 95/46/EC is unable to provide sufficient protection on the data subjects' rights in the context of prematurely terminated BPO contracts. Therefore, the Proposed Data Protection Regulation represents an instrument that could deal properly with the said issue, especially if some of the book's proposals for amendment are taken into account.