Guest user Created: Jun 12, 2020 Last commented: Jun 12, 2020

Default legal position around data transfers under German Laws

I am trying to find the default legal position around data transfers under the German Laws. In the UK, if a contract says that parties shall comply with the position of the DPA. It means that parties can transfer data amongst its affiliates if the parties have one of the EU the approved transfer mechanisms in place. Therefore I want to determine what German law enables/ permits this. Is it something you can assist with?

0 0

Assign topic to the user

Select user

Expert

Alessandra Nisticò Jun 12, 2020

Germany applies the GDPR which is an EU Regulation with direct application in the EU Member States legislation. Therefore, data transfers are ruled by Articles 44 - 50 GDPR.

Transfers of data are free among the EU countries, while outside EU are subject to some requirements like:

adequacy decision by the EU Commission. Now the EU Commission made adequacy decisions for the following countries: Andorra, Argentina, Canada, Faeroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay and the United States (Privacy Shield). You can verify on the EU Commission website any update to the list: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en).

Standard data protection clauses adopted by the Commission which are contractual clauses that grant some protection rights to parties.

Standard data protection clauses adopted by a supervisory authority (DPA) This is the link to the Federal Data Protection Authority in Germany: https://www.bfdi.bund.de/EN/Home/home_node.html

An approved code of conduct together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights; or

an approved certification mechanism together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights

Here you can find some information:• 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/• Standard Contractual Clauses for the Transfer to Processors and Standard Contractual Clauses for the Transfer to Controllers.: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes• EU GDPR Article 44 – General principle for transfers: https://advisera.com/eugdpracademy/gdpr/general-principle-for-transfers/• EU GDPR Article 45 – Transfers on the basis of an adequacy decision: https://advisera.com/gdpr/transfers-on-the-basis-of-an-adequacy-decision/• EU GDPR Article 46 – Transfers subject to appropriate safeguards: https://advisera.com/gdpr/transfers-subject-to-appropriate-safeguards/• EU GDPR Article 47 – Binding corporate rules: https://advisera.com/gdpr/binding-corporate-rules/• Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/

You may also consider enrolling in this online EU GDPR Foundations Course:EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jun 12, 2020

Expert Advice Community