US Privacy Shield

Performing an international data transfer requires either the receiving country to be deemed adequate or appropriate safeguards to be in place.  In general, the EU does not list the US as one of the countries that meets this requirement and therefore a data transfer to the US requires further safeguards. The Privacy Shield is a certification for US companies which the […]

Derogations

Performing an international data transfer requires either the receiving country to be deemed adequate or appropriate safeguards to be in place.  When neither of these exist then an organisation needs to look at possible derogations or to halt the data transfer. A derogation is an exception specified within the regulation for transferring data internationally without […]

Legally Binding Instruments

Performing an international data transfer requires either the receiving country to be deemed adequate or appropriate safeguards to be in place.  One such safeguard is a legally binding instrument, which needs to be in place between public authorities or bodies. The legally binding instrument safeguard only applies to data transfers between public bodies or authorities. […]

Certifications

Certification mechanisms will enable organisations to demonstrate compliance to other organisations through the use of data protection seals or marks.  They might also demonstrate the existence of appropriate safeguards for practices required under data protection regulation, such as international data transfers. Certification mechanisms must remain voluntary and by their nature, will be a measure based […]

Codes of Conduct

Codes of conducts are often used by industry bodies to undertake a procedure which is standardised and has control built in.  A code of conduct for data protection purposes must include safeguards which protect the rights of the data subject and must be approved by the supervisory authority. Codes of Conduct for International Data Transfer […]

Standard Data Protection Clauses

Performing an international data transfer requires either the receiving country to be deemed adequate or appropriate safeguards to be in place.  One such safeguard is standard data protection clauses for an international data transfer. Standard data protection clauses are a series of clauses which can be added to contracts between the transferring parties, which provide […]

International Data Transfers

Transferring personal data internationally is deemed higher risk and therefore safeguards, designed to provide the data subject with further protection, must be in place when transferring personal data. The laws of some countries are deemed ‘adequate’ by the EU as they are robust enough to provide the protection to the data subject without further change. […]

Binding Corporate Rules

Binding corporate rules are internal rules for data transfers within multinational companies.  An important distinction is that binding corporate rules are put in place between linked companies, for example subsidiaries in different countries, rather than through a commercial contract, which would instead be protected by standard contractual clauses. Binding corporate rules are similar to a […]