Expert Advice Community

Guest

IS Cross Border Personal Data Transfer Procedure actual according to GDPR?

  Quote
Guest
Guest user Created:   Jun 05, 2020 Last commented:   Jun 15, 2020

IS Cross Border Personal Data Transfer Procedure actual according to GDPR?

In the process of the implementation of the Cross Border Personal Data Transfer Procedure, please clarify if the section below is still actual according to the GDPR and repealing Directive 95/46/EC.

2. Definitions
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

0 0

Assign topic to the user

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

EU GDPR DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Alessandra Nisticò Jun 08, 2020

According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights.

Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.

You can find more information here:

You may also consider enrolling in this online EU GDPR Foundations Course:

EU GDPR Foundations Course: https://training.advisera.com/se/eu-gdpr-foundations-course//

Quote
0 0
Guest
Guest user Jun 15, 2020

According to my request:

2. Definitions

Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Actually I was wonder if the using of the Directive 95/46/EC in the documents is still correct according to the GDPR and repealing Directive 95/46/EC.

And the explanation below through your Expert Advice Community does not apply to my question:

According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights. Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.

 Could you please assist me in this case?

Quote
0 0
Guest
Guest user Jun 15, 2020

According to my request:

2. Definitions

Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Actually I was wonder if the using of the Directive 95/46/EC in the documents is still correct according to the GDPR and repealing Directive 95/46/EC.

And the explanation below through your Expert Advice Community does not apply to my question:

According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights. Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.

 Could you please assist me in this case?

Quote
0 0
Expert
Alessandra Nisticò Jun 15, 2020

If I correctly understand your question, you are asking if in your documentation you can mention the Directive 95/46/EC.

As you correctly said, Directive 95/46/EC has been replaced by GDPR and it is not in force anymore. Therefore, it is not correct to mention Directive 95/46/EC in your documentation, you should refer to GDPR.

GDPR does not mention “Data Importer” and “Data Exporter”, only the data controller and data processor.

If you want to keep the definition of “Data Importer” and “Data Exporter” in your documentation, you should define it inside the GDPR framework (i.e. “Data Importer is a data processor under Article 28 GDPR which is located in a third country where the data are transferred with adequate safeguards according to Articles 44-50 GDPR”) and then you can keep using those definitions.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jun 05, 2020

Jun 15, 2020