Securiti launches Gencore AI, a holistic solution to build Safe Enterprise AI with proprietary data - easily

View
Contact Us See a demo

Cross-Border Data Transfers Under GDPR: Lessons From Uber’s €290 Million Fine

This infographic will provide you with:

  • Measures and processes your organization can adopt to ensure compliance with the GDPR’s provisions related to cross-border data transfers;
  • Appropriate alternatives to adopt in case the initially recommended safeguards and measures cannot be implemented;
  • Appropriate Securiti modules and products that can help your organization comply with various necessary international data transfer obligations per the GDPR.

DOWNLOAD INFOGRAPHIC

Award-winning technology, built by a proven team, backed by confidence. Learn more.

The Dutch DPA recently fined Uber a mammoth €290 million ($324 million), citing its violation of GDPR provisions related to cross-border data transfers. While Uber has since made public its intention to appeal the fine, this episode should reiterate the importance of adhering to the GDPR’s strict international data transfer obligations for others.

Securiti’s detailed infographic illustrates the critical steps all organizations can take to ensure their compliance with the GDPR’s cross-border data transfer requirements.

This infographic not only informs but also provides practical guidance on measures that can be implemented at once, thereby elevating an organization’s ability to continue their cross-border data transfers in a GDPR-compliant manner effectively.

Download Infographic Now
Cross-Border Data Transfers Under GDPR

Frequently Asked Questions

Here are some of the commonly asked questions related to the fine imposed by the Dutch DPA on Uber in August 2024:

Under the GDPR, organizations may only transfer data outside the EU's jurisdiction by relying on three mechanisms. These include an adequacy decision, appropriate safeguards such as binding corporate rules (BCRs), standard contractual clauses (SCCs), or specific derogations, which can only be used in the case of non-repetitive transfers. 

This investigation began after French Uber drivers complained about the company mishandling their sensitive data. The French data protection authority began its initial investigation. Then, it forwarded the complaint to the Dutch DPA since all such complaints must be forwarded to the DPA of the EU country where the alleged offending company is headquartered, which is the Netherlands in the case of Uber. 

Yes, Uber has disagreed with the decision and their plans to appeal the Dutch DPA's fine arguing that they had appropriate data protection mechanisms in place. Additionally, they contend that the transfer's legal basis was within the regulatory provisions. 

All-in-One Solution For Your Business Needs

The Multi-disciplinary practice to grow trust-equity of your brand and comply with privacy regulations

View More

Navigating the New Hampshire’s Data Privacy Law (NHDPA): Key Details

Download the infographic to learn key details about New Hampshire's Data Privacy Law (NHDPA) and simplify your compliance journey with Securiti.

View More

Navigating the Kentucky Consumer Data Privacy Act (KCDPA): Key Details

Download the infographic to learn key details about Kentucky's Consumer Data Privacy Act (KCDPA) and simplify your compliance journey with Securiti.

Effective Timeline of the EU’s AI Act View More

Effective Timeline of the EU’s AI Act

Securiti’s latest infographic provides a detailed breakdown of the EU AI Act’s enforcement timeline and its key dates, making AI Act compliance easier.

View More

Navigating the Montana Consumer Data Privacy Act (MCDPA): Key Details

Download the infographic to learn key details about Montana’s Consumer Data Privacy Act (MCDPA) and simplify your compliance journey with Securiti.

Comparative Analysis of Healthcare Laws: Alberta, Ontario, Quebec View More

Comparative Analysis of Healthcare Laws: Alberta, Ontario, Quebec

Gain insights into Alberta, Ontario, and Quebec healthcare laws. Discover key differences, whom they apply to, regulatory body, notification requirements, rights, etc.

FDBR View More

Navigating Florida’s Digital Bill of Rights (FDBR): Essential Insights

Download the infographic to learn key details about Florida's Digital Bill of Rights (FDBR) and simplify your compliance journey with Securiti.

EU AI Act Battlecard View More

EU AI Act Battlecard

Securiti’s AI Act battlecard is designed as the perfect foundational resource for organizations that want an elementary understanding of the various aspects of AI Act compliance.

The NJDPA does not grant a private right of action, meaning individuals cannot sue under the law. Businesses are allowed a 30-day cure period to address violations. Noncompliance penalties are $10,000 for a first violation and $20,000 for each subsequent violation. View More

Navigating the New Jersey Data Privacy Act (NJDPA): Key Details

Download the infographic to learn key details about the New Jersey Data Privacy Act (NJDPA) and simplify your compliance journey with Securiti.

ICDPA View More

Navigating the Indiana Consumer Data Protection Act (ICDPA): Key Details

Download the infographic to learn key details about the Indiana Consumer Data Protection Act (ICDPA) and simplify your compliance journey with Securiti.

Navigating the Tennessee Information Protection Act View More

Navigating the Tennessee Information Protection Act (TIPA): Key Details

Download the infographic to learn key details about the Tennessee Information Protection Act (TIPA) and simplify your compliance journey with Securiti.

What's
New