Guest user Created: Dec 14, 2021 Last commented: Dec 15, 2021

EU GDPR questions

1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements2. Does a company need to create binding corporate rules if it has only one branch 3. Is there any available approved binding corporate rules approved by authorities to be followed 4. Who should create the data transfer impact assessment the controller or the processor 5. Is there any available Transfer impact assessment template for processor 6. Where can I find the updated version of the controller-processor SCCs.

0 0

Assign topic to the user

Select user

Expert

Alessandra Nisticò Dec 15, 2021

1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements?

You need to follow the instruction of Chapter V GDPR, which requires verifying if the country of destination benefits from an adequate decision. If so, you can proceed with the transfer. Otherwise, you should verify if you can implement appropriate safeguards like Standard Contractual Clauses or Binding Corporate Rules, or follow in one of the exceptions under Article 49 GDPR.

2. Does a company need to create binding corporate rules if it has only one branch

Binding Corporate Rules (BCR) are the long and complicated mechanisms that need to be approved by Authorities. Usually, large groups of companies have BCR, most organizations rely on Standard Contractual Clauses (SCC).

3. Is there any available approved binding corporate rules approved by authorities to be followed

Yes, you can find on the internet some BCR approved, but they are customized on the data processing of the company, their asset, and safeguards implemented. There is no standard BCR to customize.

4. Who should create the data transfer impact assessment the controller or the processor

The data controller is liable for transfer impact assessment, however, if the export of data is from a data processor to a data sub-processor, the data processor may assess the impact of transfer in order to certify its own compliance with the data controller.

5. Is there any available Transfer impact assessment template for processor

No, currently we have the template for the Cross Border Personal Data Transfer Procedure which can be tailored on transfers as controller or processor.

For more information, see:

Cross Border Personal Data Transfer Procedure https://advisera.com/eugdpracademy/documentation/cross-border-personal-data-transfer-procedure/

6. Where can I find the updated version of the controller-processor SCCs.

You can find it on the website of the EU Commission: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj

Here you can find more information about data transfer:

3 steps for data transfers according to GDPR https://advisera.com/eugdpracademy/knowledgebase/3-steps-for-data-transfers-according-to-gdpr/

If you want to learn how to implement GDPR compliance in your organization, you may consider enrolling in our EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Dec 14, 2021

Dec 15, 2021

Expert Advice Community