At present, a company, either small/medium enterprise or huge corporation, develops its activities within a competitive environment where solely the perspicacious one could gain a profit and hold or improve its positions on the market. Therefore, "firms increasingly buy all or at least parts of selected services they need from external service providers. This is especially true for services which rely to a great extent on new information and communication technologies and they carry out that task by means of outsourcing. The aim of the present research is to examine how a premature termination of a business process outsourcing project (hereafter BPO) might infringe upon several major provisions of the current EU data protection framework. Such a question is relevant because of the technological means inherent in a BPO through which personal data are being processed, and of the great possibility for unlawful data processing after a premature termination of the project. Therefore, a BPO falls under the scope of regulation by Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Ultimately, as the research will show, the DPD 95/46/EC as a legal instrument devoted to protect the right to personal data protection turns to be unable to provide sufficient protection on the data subjects' rights in the context of prematurely terminated BPO contract. Therefore, the Proposed Data Protection Regulation represents an instrument that could deal properly with the said issue, especially if some proposals for amendments made within the present paper be taken into account.
This book provides conceptual and empirical insights into the complex relationship between Business Process Outsourcing (BPO) as a proliferated business model in the financial sector, and the EU personal data protection framework. The outhor critically scrutinizes the existing data protection legislation on a Europeon level, pointing out the weak spots related to the allocation of responsibilities between a data controller and a data processor in the context of BPO. Moreover, he provides de lege ferenda proposals aimed at enhancing the future legal regime in view of the technological developments inherent to the information society. The book might contribute to the work of acting legal officers in the private sector dealing with outsourcing activities as welf as to the legislator in his efforts to strengthen the EU data proteetion model.
Sevdalina Georgieva, Head of the Legal Department of "Automotor Corporation" JSC, the official representative of Citroen for Bulgaria.