Power of Attorney

Transfer of data outside the EU on behalf of the controller is made through a transfer data agreement and not through a general Power of Attorney. It is because the data controller must set instructions for the data transfer the data processor must comply with. In fact, the data controller will be liable for any infringement of GDPR rules and even for choosing the wrong data processor.Consider that the EU Commission adopted a Standard contractual clause to implement contracts concerning data transfers.

If you are referring to the Power of Attorney in connection with a legal claim (i.e. transferring data outside EU for a legal claim), consider that establishing, exercising or defending legal claims is an exemption to GDPR rules. The Power of Attorney, in this case, can allow data controller or data processor to transfer data outside the EU (of course only data which are necessary for the legal claim.)

Here you can find more information about this topic: - EU GDPR controller vs. processor – What are the differences? https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/

- 3 steps for data transfers according to GDPR: https://advisera.com/articles/3-steps-for-data-transfers-according-to-gdpr/

- Standard Contractual Clauses - Free download: https://info.advisera.com/eugdpracademy/free-download/standard-contractual-clauses-annexes

- Free webinar – How to make personal data transfers to other countries compliant with GDPR: https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/