Working from European country on UK contract

Does it need to be said that I am not telling people to NOT use their common sense.

Obviously if your clients data policies have strong data sovereignty rules, you should follow them otherwise you are a walking data breach. There are plenty of organisations that don't demand their data is kept in the UK. It depends on the client, industry etc.

I don't work in intelligence or public sector, I work with clients who often have their data spread across SaaS applications based in various parts of the world. You can't say you don't want your data to leave the UK when it's hosted on a SaaS app in the EEA or US.

Apologies, I take that back on your first point. On everything else, no, being unaware is *not* a viable option, not if you want longevity and recognition as a legitimate business (where clients recommend you to other clients). For small businesses, 99% of securing business overseas is networking and contacts. Depending on the contractual terms, hiding your location could land you in serious contractual difficulties but, regardless of the contractual terms, it is just poor business to try and pull a fast one. Again, working direct and presenting yourself as an overseas supplier (that offers something they want) is the way to do it, none of this cloak-and-daggers BS.

I agree. I wouldn't do it without everyone in contractual chain being happy.

Each to their own though. I don't see an issue with working from abroad if there are no data protection issues and no contractual issues. Many organisations just won't care as long as you are within the scope of their policies.

Read the rules, follow the rules. What's the problem? If your clients data policies say that no data must leave the EEA, then why can't you be in France if nothing states that you have to be in the UK?

Was this you:


You don't work in the sectors, so you can't say how those sectors run and how they work with local requirements on data protection.

There is absolutely no problem if you are transparent from the beginning and everyone is onboard. Again, that is a 0.1% scenario for a contract involving an agency, partly because of the agent's policies and partly because of the type of contracts they deal with (mostly labour supplies, T&M). If you're trying to hide something from another party in the contractual chain, you already have your answer, even if you think it might comply with their policies or their policies are unstated. If you're upfront, you will always get the right answer and, in the vast majority of cases involving agency work, that answer will be "nope". It is not so much about reading rules as being completely upfront.

So you agree that data sovereignty is important. So how does that work with your statement in bold below
Where you are encouraging people to ignore data sovereignty to get work.

I literally said I don't work with clients that have tight data sovereignty issues.....

How do you know that a client doesn't have tight data sovereignty issues - if you looked at my business you wouldn't see them but they exist because of the contracts we have with third parties you would not know about.

IN SHORT: be within the scope of your agreements and documented policies - if this isn't enough, then I'm wrong.


Please excuse me, English is my third language and I believe context is missing in a lot of English conversations unless you list every possible combination of what you are trying to say (very difficult).

I just spent ages trying to write every possible combination of what could happen but it's just too hard to follow so I'm going to write one small summary. I'm sure there are edge cases you can come up with i.e. what if my client is the secret intelligence service omg but please refrain.

Assumptions:

1. Your client (or agent from hereon in) has a data policy which does not mention one specific country
2. Your client is not legally obliged to keep their data on one specific country
3. Nobody has told your or documented that location of your role must be in one specific country

If the above three are true, feel free to work anywhere you want within the scope of your signed (or otherwise) agreements.

I'm saying it's an option, I'm not saying it's the best options.

None of my clients have ever had a policy that states UK data, many have specified EEA data though.

I would imagine (but I don't work here as someone else pointed out) that if you work for an FS client that processes mortgages, maybe they required the data to be within the UK. this is a case of your foreign location clearly being outside the scope of their data policy. In this scenario, I would exercise common sense.

The only assumption you are making is the idea that you can look at a company or sector as a whole and from that derive the actual details of the company as a whole.

You simply can't do that - as a company may have way higher security restrictions than would be obvious simply because of a third party client that requires that that you as a contractor looking into the company would never see.