GDPR International Transfers with Examples

Показать описание

Defradar Online Training Academy

All in One Privacy Course:

Etsy Store - Executive Resume Templates

The GDPR primarily applies to controllers and processors located in the European Economic Area (the EEA) with some exceptions.
Individuals, risk losing the protection of the GDPR if their personal data is transferred outside of the EEA.
On that basis, the GDPR restricts transfers of personal data outside the EEA, or the protection of the GDPR, unless the rights of the individuals in respect of their personal data is protected in another way, or one of a limited number of exceptions applies.
A transfer of personal data outside the protection of the GDPR (which we refer to as a ‘restricted transfer’), most often involves a transfer from inside the EEA to a country outside the EEA.
If you wish to do so, you should answer the following questions, until you reach a provision which permits your restricted transfer:

- Are we planning to make a restricted transfer of personal data outside of the EEA?
- Do we need to make a restricted transfer of personal data in order to meet our purposes?
- Has the EU made an ‘adequacy decision’ in relation to the country or territory where the receiver is located or a sector which covers the receiver?
- Have we put in place one of the ‘appropriate safeguards’ referred to in the GDPR?
- Does an exception provided for in the GDPR apply?
- If yes, you can make the transfer. If no you cannot make the transfer in accordance with the GDPR
If you reach the end without finding a provision which permits the restricted transfer, you will be unable to make that restricted transfer in accordance with the GDPR.

In brief
What are the restrictions on international transfers?
The GDPR restricts the transfer of personal data to countries outside the EEA, or international organisations. These restrictions apply to all transfers, no matter the size of transfer or how often you carry them out.