International Data Transferrings containing personal data is deemed higher risk and therefore safeguards, designed to provide the data subject with further protection, must be in place. The laws of some countries are deemed ‘adequate’ by the EU as they are robust enough to provide the protection to the data subject without further change. as these regulations govern data transfers effectively.
A transfer of personal data outside of any of the adequate countries requires that the organisations making the transfer have safeguards in place to protect the data. Similar rules exist with US data transfers, which are often signalled out.
So, if you are transferring personal data internationally you should carry out an International Data Transfer Assessment (IDTA) to ensure that appropriate safeguards are in place. This careful assessment is vital to manage transfers.
These might be required to secure international data transfers:
- A legally binding instrument between public authorities or bodies
- Binding corporate rules
- Standard data protection clauses, generally within a contract
- An approved code of conduct
- An approved certification mechanism
If the country is not deemed adequate or the appropriate safeguards are not in place, then the data transfer cannot take place unless one of a series of derogations (exceptions) are available.
How can ProvePrivacy Help?
Whilst this may appear to be a complex subject, ProvePrivacy helps to guide the Data Champion in understanding what safeguards can be applied through it’s dynamic activity workflows.