IS Cross Border Personal Data Transfer Procedure actual according to GDPR?
In the process of the implementation of the Cross Border Personal Data Transfer Procedure, please clarify if the section below is still actual according to the GDPR and repealing Directive 95/46/EC.
2. Definitions
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Assign topic to the user
According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights.
Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.
You can find more information here:
- What is the EU GDPR and why is it applicable to the whole world? https://advisera.com/eugdpracademy/knowledgebase/what-is-the-eu-gdpr-and-why-is-it-applicable-to-the-whole-world/
- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
- Standard Contractual Clauses for the Transfer to Processors and Standard Contractual Clauses for the Transfer to Controllers.: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
- Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
You may also consider enrolling in this online EU GDPR Foundations Course: https://advisera.com/training/eu-gdpr-foundations-course/
According to my request:
2. Definitions
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Actually I was wonder if the using of the Directive 95/46/EC in the documents is still correct according to the GDPR and repealing Directive 95/46/EC.
And the explanation below through your Expert Advice Community does not apply to my question:
According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights. Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.
Could you please assist me in this case?
According to my request:
2. Definitions
Data Importer - the Processor established in a third country who agrees to receive, from the data exporter, personal data intended for processing on the data exporter’s behalf after the transfer, in accordance with his instructions and the terms of applicable laws, and who is not subject to a third country’s system ensuring adequate protection within the meaning of Article 25(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Actually I was wonder if the using of the Directive 95/46/EC in the documents is still correct according to the GDPR and repealing Directive 95/46/EC.
And the explanation below through your Expert Advice Community does not apply to my question:
According to Article 3 GDPR, the Regulation has a worldwide application and aims to create a free circulation of personal data in the EU and under some circumstances and safeguards towards third countries in consideration of risks for freedoms and rights. Therefore, the GDPR does not mention "Data Importer" nor "Data exporter". However, these definitions can be used by companies to describe the location of processors in relation to the transfer of data.
Could you please assist me in this case?
If I correctly understand your question, you are asking if in your documentation you can mention the Directive 95/46/EC.
As you correctly said, Directive 95/46/EC has been replaced by GDPR and it is not in force anymore. Therefore, it is not correct to mention Directive 95/46/EC in your documentation, you should refer to GDPR.
GDPR does not mention “Data Importer” and “Data Exporter”, only the data controller and data processor.
If you want to keep the definition of “Data Importer” and “Data Exporter” in your documentation, you should define it inside the GDPR framework (i.e. “Data Importer is a data processor under Article 28 GDPR which is located in a third country where the data are transferred with adequate safeguards according to Articles 44-50 GDPR”) and then you can keep using those definitions.
Comment as guest or Sign in
Jun 15, 2020