top of page
  • Writer's pictureDeborah

Under the EU GDPR, personal data may be transferred to a country outside the EU/EEA by meeting the requirements set out in article 46 of the regulations.

Controllers or processors may transfer personal data to receivers outside the EU/EEA:“only if [they have] provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available” (art.46 (1)). Such safeguards are listed in article 46 (2) of the regulations and include the following:

  • Binding corporate rules

  • Standard data protection clauses adopted by the Commission of a supervisory authority

  • An approved code of conduct

  • An approved certification mechanism

In June 2021, the European Data Protection board (EDPB) published its final recommendations on the lawful transfer of personal data in third countries. EDPB’s transfer impact assessment (TIA) contains a total of 6 steps organizations must take, namely:

  • Know/map their transfers

  • Verify the transfers tools

  • Assess the effectiveness of the transfer tools.

  • Identify and adopt supplementary measures that are necessary to bring the level of protection of the data transferred up to the EU standard of essential equivalence.

  • Take procedural steps for the adoption of the supplementary measure identified

  • Re-evaluate at appropriate intervals the level of protection afforded to the personal data you transfer to third countries and to monitor if there have been or there will be any developments that may affect it.

UK ICO’s TRA tool is an alternative to the approach taken by EDPB.


Recent Posts

See All

The Secured Overnight Financing Rate (SOFR) is a broad measure of the cost of borrowing cash overnight collateralized by Treasury securities. SOFR is the overnight interest rate for US dollar-denomina

13/06/2023 - Canadian Securities Administrators (CSA) SEDAR+ go-live date. All issuer filings, cease trade orders and disciplined list entries will be filed in SEDAR+ 16/06/2023 - OSFI consultation pe

On May 11, the Bank for International Settlements (BIS) published a Handbook on how central bank digital currencies (CBDCs) could work for offline payments, defined as a “transfer of value between dev

bottom of page