A: Yes it does.
You might not think so, but under EU data protection laws, viewing from a computer terminal in country A personal data which is sitting on a server located in country B will involve a "transfer" of that data from country B to country A.
This means that because India's data privacy laws are not regarded by the EU as giving "adequate" protection to personal data, this transfer will be illegal unless one of the recognised ways of making legal transfers of personal data is deployed.
One way of ensuring the transfer is legal is to get the express prior written consent of all individuals whose data is being "transferred."
Another way is to arrange for the transfer to occur under the terms of a written contract between your company and the Indian company. This contract must include, word for word, "model clauses" as drawn up by the European Commission and available on the .
That's not the end of the story. Depending on the exact circumstances of the transfer, to ensure that the transfer is "fair and "lawful" as required by the Data Protection Act 1998 it may also be necessary to take more steps in advance of the transfer. These may include giving suitably worded disclosures to all individuals involved, possibly by way of a Privacy Policy, that these transfers might take place.
Stephen Groom, head of marketing and privacy law, Osborne Clarke