International data transfers play a vital role for data driven businesses and organisations. As processes have become but a few clicks away and the digital world continues advancing, organisations must take the appropriate measures to ensure protection over their data and the data subjects. The EU’s GDPR aims to protect personal data, and provides strict obligations and standards that every organisation should take when dealing with international data transfers. Below are key points for organisations to consider upon doing international data transfers from and to the EU.
Data Transfers: In & Out of the EU
Nov 1, 2019 10:22:06 AM / by PrivacyPerfect posted in EU, GDPR Compliance, Data Privacy, DPO, Data Protection Officer, Data Transfer, International Data Transfer, Reputation under GDPR, GDPR For Tech Companies, GDPR for Marketers, GDPR Summary, gdpr 2019
The beginner's guide to cookies - use, necessity and compliance
Jan 17, 2019 10:00:00 AM / by PrivacyPerfect posted in Data Privacy, Data Protection, Data Transfer, Personal Data, Data Consent, Cookie, Consent, Cookies
How can I transfer personal data across EEA borders under the GDPR?
Oct 8, 2018 10:00:00 AM / by PrivacyPerfect posted in Data Protection, Data Transfer, International Data Transfer, International GDPR, EEA
Before conducting an international data transfer, organisations need to check the GDPR very carefully. International data transfers should not only be compliant with Chapter 5 but also with all other requirements of the GDPR (following from Article 44 GDPR). Also, in order to transfer personal data outside the EU, organisations need to follow the layered approach of the European Data Protection Board.
Extending the GDPR across the borders of the EU: data protection in the EEA
Sep 26, 2018 10:00:00 AM / by PrivacyPerfect posted in Data Transfer, International Data Transfer, EEA
The European Economic Area (EEA) is the combination of European Union (EU) and European Free Trade Association (EFTA) states, except for Switzerland. The EEA has now incorporated the GDPR into the EEA agreement. This was done by an EEA Joint Committee Decision dated 6th July 2018, which came into force on 20th July, 2018.
International data transfers in a nutshell
Aug 23, 2018 10:00:00 AM / by PrivacyPerfect posted in EU, GDPR Explained, Data Processing, Data Transfer, International Data Transfer, International GDPR, EEA
International data transfers are unavoidable for most of the businesses and organisations in today’s digital world. The GDPR takes a balanced approach between the necessity of cross-border data flows for the purposes of international trade and the level of protection provided to natural persons. Although the Regulation allows the free flow of personal data between Member States, it restricts data transfers to countries
What should a data breach notification contain?
Jul 9, 2018 10:00:00 AM / by PrivacyPerfect posted in GDPR Compliance, Data Breach, Data Security, Data Transfer, Personal Data
Previously, I wrote a blog post (see here) on data breaches and where to report them, focusing on the notion of ‘lead supervisory authority’. In this blog post, I focus on the contents of data breach notifications in relation to the GDPR. It is important to notice that notifications might be to either of two stakeholders: the supervisory authority and/or the data subjects concerned (the ‘victims’ of the data breach). Using GDPR compliance
Debunking Seven Major Myths about the GDPR
Jun 14, 2018 10:00:00 AM / by PrivacyPerfect posted in GDPR Compliance, Data Privacy, Data Protection, GDPR Explained, GDPR Guideline, Data Processing, Data Security, Data Transfer
What is a data breach, and where do I have to report it under the GDPR?
Jun 4, 2018 10:00:00 AM / by PrivacyPerfect posted in Data Privacy, Data Protection, Data Breach, Data Security, Data Transfer
Under the GDPR, a personal data breach has to be notified to the relevant supervisory authority in most circumstances, most notably when there is a risk for the rights and freedoms of the data subject because of the occurrence of the breach. What is a breach, and which supervisory authority does it have to be notified to? In this blog post, we briefly discuss the answers to these questions.