The Data Protection Directive (officially Directive 95/46/EC) regulates the processing of personal data within the European Union and also provides the criteria for Safe Harbour privacy for companies operating within the European Union. The Safe Harbour regulations forbid sending of customer’s personal data to countries outside the European Economic Area unless there is a guarantee that it will receive adequate levels of protection. There are no Safe Harbour considerations for EU companies with services deployed to Scotland while Scotland is part of the UK and when Scotland has become independent of the UK and joined the EU as an independent country. However there may be a period of time between Scotland becoming independent and joining the EU (as an independent country) when Safe Harbour requirements really matter. At this time no EU company will have a Safe Harbour agreement with the newly independent Scotland. Therefore any company with Identity Stores (or business systems containing personal data) deployed in Scotland will be in breach of the Data Protection Directive.