IDC Names Securiti a Worldwide Leader in Data Privacy
ViewListen to the content
The European Union’s GDPR applies to organizations within and outside the EU where countries that aren’t a part of the EU are regarded as third countries.
The GDPR restricts the transfer of a data subject’s personal data to third countries unless security measures of the third country protect their personal data or the data is legally required for processing.
Having an adequacy decision declared for a country means that any data controller or data processor can transfer data from the EU and EEA countries to that third country more easily as the controller or processor does not need to put in additional legal and technical safeguards because the third country’s laws offer similar protection to GDPR.
This does not require the third country to have exactly the same law as GDPR, but contain sufficient safeguards for the EU to consider it “adequate”.
The European Commission reviews the laws and practises of third countries to check whether they offer the same levels of data protection presently existing within the EU. Essentially, an adequacy decision is a conclusive decision that permits a data transfer across the EU borders without further authorization from the governing authority.
The EU’s executive branch or the European Commission can determine whether a third country has an adequate level of data protection. It means transfers of personal data from the EU to adequate countries can occur without further safeguards.
When it comes to adopting an adequacy decision, certain formalities need to be taken care of:
The EU’s adequacy decision states that personal data can flow from the EU to third countries (adequate countries) without necessary further safeguard.
As at December 29th 2021, the European Commission has so far recognized the following countries/states as having adequate protection:
The countries/states, as mentioned above, can receive the personal data of data subjects from the EU as they have appropriate conditions that safeguard the data once received.
Maria Khan is a IAPP Certified Information Privacy Professional (CIPP/Europe) and a Certified Information Privacy Manager (CIPM). She earned her LL.M from the University of Michigan Law School, where she received the Michigan Grotius Fellowship, a fully-funded award. Additionally, Maria holds a B.A-LL.B (Hons.) from Pakistan.
Passionate about data privacy, AI governance, and business and human rights, Maria facilitates organizations in evaluating data privacy compliance risks and offers privacy-compliant solutions. She plays a key role in supporting regulatory intelligence within products/software and aiding organizations in meeting compliance efforts. Maria possesses a substantial understanding of global data privacy obligations, particularly in relation to AI governance, consent management, user transparency, digital marketing, cross-border data transfers, and AI risk assessments.
Get all the latest information, law updates and more delivered to your inbox
September 11, 2023
Securiti has just been recognized as a Leader in the “IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor Assessment” report. This makes us...
May 10, 2023
Privacy-by-design and privacy-by-default are two cornerstone concepts of data protection regulatory frameworks. Thus, compliance thereof is an essential legal prerequisite for any entity which...
April 5, 2023
Online advertising has permeated every aspect of our digital experiences. From search engine results to social media feeds, advertisements seem to follow us everywhere...
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128