IDC Names Securiti a Worldwide Leader in Data Privacy

View
Contact Us Schedule a Demo

What Does European Commissions’ Adequacy Decision Mean?

What Does European Commissions’ Adequacy Decision Mean?
By Maria Khan
Published January 3, 2022 / Updated November 22, 2023

Listen to the content

Explaining European Commissions’ GDPR Adequacy Decisions

The European Union’s GDPR applies to organizations within and outside the EU where countries that aren’t a part of the EU are regarded as third countries.

The GDPR restricts the transfer of a data subject’s personal data to third countries unless security measures of the third country protect their personal data or the data is legally required for processing.

Having an adequacy decision declared for a country means that any data controller or data processor can transfer data from the EU and EEA countries to that third country more easily as the controller or processor does not need to put in additional legal and technical safeguards because the third country’s laws offer similar protection to GDPR.

What is an Adequacy Decision?

This does not require the third country to have exactly the same law as GDPR, but contain sufficient safeguards for the EU to consider it “adequate”.

The European Commission reviews the laws and practises of third countries to check whether they offer the same levels of data protection presently existing within the EU. Essentially, an adequacy decision is a conclusive decision that permits a data transfer across the EU borders without further authorization from the governing authority.

The EU’s executive branch or the European Commission can determine whether a third country has an adequate level of data protection. It means transfers of personal data from the EU to adequate countries can occur without further safeguards.

When it comes to adopting an adequacy decision, certain formalities need to be taken care of:

  • An official proposal from the European Commission
  • An opinion from the European Data Protection Board
  • The explicit approval from the EU countries’ representatives
  • The European Commission’s approval of the decision

The EU’s adequacy decision states that personal data can flow from the EU to third countries (adequate countries) without necessary further safeguard.

List of Adequate Countries

As at December 29th 2021, the European Commission has so far recognized the following countries/states as having adequate protection:

  • Andorra
  • Argentina
  • Canada (commercial organizations)
  • Faroe Islands
  • Guernsey
  • Israel
  • Isle of Man
  • Japan
  • Jersey
  • New Zealand
  • Republic of Korea
  • Switzerland
  • United Kingdom
  • Uruguay

The countries/states, as mentioned above, can receive the personal data of data subjects from the EU as they have appropriate conditions that safeguard the data once received.

Maria Khan

Authored by Maria Khan

Maria Khan is a IAPP Certified Information Privacy Professional (CIPP/Europe) and a Certified Information Privacy Manager (CIPM). She earned her LL.M from the University of Michigan Law School, where she received the Michigan Grotius Fellowship, a fully-funded award. Additionally, Maria holds a B.A-LL.B (Hons.) from Pakistan.

Passionate about data privacy, AI governance, and business and human rights, Maria facilitates organizations in evaluating data privacy compliance risks and offers privacy-compliant solutions. She plays a key role in supporting regulatory intelligence within products/software and aiding organizations in meeting compliance efforts. Maria possesses a substantial understanding of global data privacy obligations, particularly in relation to AI governance, consent management, user transparency, digital marketing, cross-border data transfers, and AI risk assessments.

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Share

More Stories that May Interest You

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software View More

September 11, 2023

Securiti named a Leader in the IDC MarketScape for Data Privacy Compliance Software

Securiti has just been recognized as a Leader in the “IDC MarketScape: Worldwide Data Privacy Compliance Software 2023 Vendor Assessment” report. This makes us...

Privacy-by-Design and Privacy-by-Default View More

May 10, 2023

Privacy-by-Design and Privacy-by-Default

Privacy-by-design and privacy-by-default are two cornerstone concepts of data protection regulatory frameworks. Thus, compliance thereof is an essential legal prerequisite for any entity which...

Behind the Pixel: Understanding the Risks and Impact of Pixel Tracking View More

April 5, 2023

Behind the Pixel: Understanding the Risks and Impact of Pixel Tracking

Online advertising has permeated every aspect of our digital experiences. From search engine results to social media feeds, advertisements seem to follow us everywhere...

At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.

Copyright © 2023 Securiti · Sitemap · XML Sitemap

Newsletter

Company

Resources

Terms

Get in touch

info@securiti.ai
Securiti, Inc.
300 Santana Row
Suite 450
San Jose, CA 95128

Gartner Cool Vendor Award Forrester Badge IAPP Innovation award 2020 IDC Worldwide Leader RSAC Leader CBInsights Forbes Security Forbes Machine Learning G2 Users Most Likely To Recommend