Hi. There are currently two Standard Contractual Clauses - 'Controller to Controller' and 'Controller to Processor'. They are both built for the Controller to be the exporter of the data. We are an EU based company who will be receiving data from a Non EU based company. The Non EU based company is the controller of the data and we are the processor.
My understanding is that the Controller sending the data does not need to take action when sending us the data as their government deems the EU laws 'adequate'. However, we carry out work on the data and then need to return the data file to the Controller (outside the EU). What actions does there need to be in place for this, if any? I do not see a Standard Contractual Clause that would cover this currently i.e a Processor exporting data back to a Non EU Controller.
Your advice would be appreciated
Kevin
Assign topic to the user
Expert
Andrei Hanganu
Oct 14, 2019
In the situation described you would need to have in place Controller to Processor Standard Contractual Clauses. The non-EU Controller sending and receiving the data from you should see to that regardless if the exchange of data goes both ways.
If you want to find out more cross border data transfers check out this free webinar How to make personal data transfers to other countries compliant (https://advisera.com/webinars/how-to-make-personal-data-transfers-compliant-with-gdpr-free-webinar-on-demand/).
Comment as guest or Sign in
Oct 11, 2019
Oct 14, 2019
Oct 14, 2019