EU GDPR interpretation and transferring data
1. Binding Corporate rules - are these the only way to transfer data from inside the EU to outside the EU (to UK and EU)
2. Which EU region has the toughest interpretation of GDPR?
Assign topic to the user
1. Binding Corporate rules - are these the only way to transfer data from inside the EU to outside the EU (to UK and EU)
No, you can transfer data based on an adequacy decision under Article 45 GDPR. This applies when the transfer is towards one country that the EU Commission considers providing an adequate level of security for the freedom and rights of individuals.
The European Commission has so far recognized Andorra, Argentina, Canada (commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Switzerland, and Uruguay as providing adequate protection.
Here you can monitor countries if new countries enter. There are ongoing talks with South Korea and the procedure for the adequacy decision of the UK has been launched on February 19th: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
In case of an adequacy decision, you can transfer data (being compliant with all other GDPR requirements).
In case the adequacy decision is missing you can either apply appropriate safeguards under article 46 GDPR adopting:
- Standard contractual clauses approved by the EU Commission
- Agreements approved by Surveillance Authorities
- And (of course) Binding Corporate Rules.
2.Which EU region has the toughest interpretation of GDPR?
It is hard to say because the EU Surveillance Authorities of the 27 Member State meet in the European Data Protection Board (EDPB) where they adopt Guidelines to harmonize interpretation among EU countries and avoid different levels of interpretation.
Here you can find more information on data transfer under GDPR:
- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
- Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
You can also consider enrolling in this free online training EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course//
Comment as guest or Sign in
Feb 25, 2021