Important Facts About GDPRs Cross Border Data Transfers Impact Assessment
The GDPR allows for the cross-border transfer of personal data to countries or international organizations that are not part of the European Economic Area (EEA), as long as certain safeguards, such as adequacy decisions, appropriate safeguards, and derogations, are in place to ensure an essentially equivalent level of data protection.
Personal data transfers between EEA countries do not require any additional safeguards. According to the GDPR, the data controller must inform the data subject of the data transfer's objective at the time of collection and other elements such as the existence or absence of an adequacy decision, adequate measures, or derogations.
Codes of conduct detailing the implementation of the GDPR may be prepared by associations and other entities representing groups of data controllers or processors. Cross-border data transfers may be permitted if established norms of conduct are followed.
Cross-border data transfers may be possible results of data protection certification systems. Certifications are issued for three years and may be renewed after approval by the competent supervisory authority.
The GDPR allows enterprises to rely on specific derogations for cross-border data transfers when transferring data to a non-adequate nation, and there are no safeguards in place.