1. If a company is based in non-European country wants to transfer European data to non-European country, what are GDPR requirements?
You need to follow the instruction of Chapter V GDPR, which requires verifying if the country of destination benefits from an adequate decision. If so, you can proceed with the transfer. Otherwise, you should verify if you can implement appropriate safeguards like Standard Contractual Clauses or Binding Corporate Rules, or follow in one of the exceptions under Article 49 GDPR.
2. Does a company need to create binding corporate rules if it has only one branch
Binding Corporate Rules (BCR) are the long and complicated mechanisms that need to be approved by Authorities. Usually, large groups of companies have BCR, most organizations rely on Standard Contractual Clauses (SCC).
3. Is there any available approved binding corporate rules approved by authorities to be followed
Yes, you can find on the internet some BCR approved, but they are customized on the data processing of the company, their asset, and safeguards implemented. There is no standard BCR to customize.
4. Who should create the data transfer impact assessment the controller or the processor
The data controller is liable for transfer impact assessment, however, if the export of data is from a data processor to a data sub-processor, the data processor may assess the impact of transfer in order to certify its own compliance with the data controller.
5. Is there any available Transfer impact assessment template for processor
No, currently we have the template for the Cross Border Personal Data Transfer Procedure which can be tailored on transfers as controller or processor.
For more information, see:
6. Where can I find the updated version of the controller-processor SCCs.
You can find it on the website of the EU Commission: https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj
Here you can find more information about data transfer:
If you want to learn how to implement GDPR compliance in your organization, you may consider enrolling in our EU GDPR Foundations Course: https://training.advisera.com/course/eu-gdpr-foundations-course/