Do you know about procedure of giving Power of Attorney from controller to processor, to transfer data outside EU on behalf of controller?
Assign topic to the user
Transfer of data outside the EU on behalf of the controller is made through a transfer data agreement and not through a general Power of Attorney. It is because the data controller must set instructions for the data transfer the data processor must comply with. In fact, the data controller will be liable for any infringement of GDPR rules and even for choosing the wrong data processor.Consider that the EU Commission adopted a Standard contractual clause to implement contracts concerning data transfers.
If you are referring to the Power of Attorney in connection with a legal claim (i.e. transferring data outside EU for a legal claim), consider that establishing, exercising or defending legal claims is an exemption to GDPR rules. The Power of Attorney, in this case, can allow data controller or data processor to transfer data outside the EU (of course only data which are necessary for the legal claim.)
Here you can find more information about this topic: - EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/
- Standard Contractual Clauses - Free download: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes
- Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/
Comment as guest or Sign in
Feb 12, 2020