LIVE VIRTUAL TRAININGS
Learn in small groups from top experts and real-life examples

Expert Advice Community

Guest

EU GDPR questions

  Quote
Guest
Guest user Created:   Dec 14, 2021 Last commented:   Dec 15, 2021

EU GDPR questions

1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements2. Does a company need to create binding corporate rules if it has only one branch 3. Is there any available approved binding corporate rules approved by authorities to be followed 4. Who should create the data transfer impact assessment the controller or the processor 5. Is there any available Transfer impact assessment template for processor 6. Where can I find the updated version of the controller-processor  SCCs.
0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Dec 15, 2021

1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements?

You need to follow the instruction of Chapter V GDPR, which requires verifying if the country of destination benefits from an adequate decision. If so, you can proceed with the transfer. Otherwise, you should verify if you can implement appropriate safeguards like Standard Contractual Clauses or Binding Corporate Rules, or follow in one of the exceptions under Article 49 GDPR.

2. Does a company need to create binding corporate rules if it has only one branch

Binding Corporate Rules (BCR) are the long and complicated mechanisms that need to be approved by Authorities. Usually, large groups of companies have BCR, most organizations rely on Standard Contractual Clauses (SCC).

3. Is there any available approved binding corporate rules approved by authorities to be followed

Yes, you can find on the internet some BCR approved, but they are customized on the data processing of the company, their asset, and safeguards implemented. There is no standard BCR to customize.

4. Who should create the data transfer impact assessment the controller or the processor

The data controller is liable for transfer impact assessment, however, if the export of data is from a data processor to a data sub-processor, the data processor may assess the impact of transfer in order to certify its own compliance with the data controller.

5. Is there any available Transfer impact assessment template for processor

No, currently we have the template for the Cross Border Personal Data Transfer Procedure which can be tailored on transfers as controller or processor.

For more information, see:

6. Where can I find the updated version of the controller-processor  SCCs.

You can find it on the website of the EU Commission: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Here you can find more information about data transfer:

If you want to learn how to implement GDPR compliance in your organization, you may consider enrolling in our EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Dec 14, 2021

Dec 15, 2021

Suggested Topics

Guest user Created:   Feb 21, 2021 EU GDPR
Replies: 3
0 0

EU GDPR questions

Guest user Created:   Feb 05, 2020 EU GDPR
Replies: 1
0 0

EU GDPR questions

Guest user Created:   Jan 21, 2020 EU GDPR
Replies: 1
0 0

EU GDPR questions