Assign topic to the user
If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements?
GDPR requirements for the transfer of data outside the EU are listed in Chapter V GDPR and require to the data controller to ensure that the level of data protection offered by the GDPR is not undermined. The steps are the following:
1. Verify if the destination country benefits from an adequate decision of the EU Commission. If so, you can proceed with the data transfer. Here you can find the countries with adequacy decisions: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
2. If the country importing EU data is not included you need to assess the security of the country and select another transfer mechanism like the Standard Contractual Clauses (SCC) which incorporates the requirements of the EU GDPR. https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
Does a company need to create binding corporate rules if it has only one branch?
No, the mechanism of approval of Binding corporate rules is long and complex and requires approval from the Supervisory Authority or the European Commission. Usually, large multinational company groups require the approval of Binding Corporate Rules (BCR), while many companies (included large tech companies, like Google) prefer the Standard Contractual Clauses.
Is there any available approved binding corporate rules approved by authorities to be followed
Yes, I believe you can find it on the web, but the BCR adapts to the structure of the company, is tailored to the processing and transfers.
Here you can find more information about data transfer:
3 steps for data transfers according to GDPR https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
Comment as guest or Sign in
Dec 09, 2021