Data transfers outside the EU

Transfers to third countries or international organisations are set out in Chapter V of the GDPR. Under Article 44 GDPR, any transfer to a third country or international organisation must comply with the general provisions of the GDPR (Articles 5, 6, 9) and meet the conditions of Chapter V.

This section provides information on the fulfilment of the obligations of controllers and processors in respect of the following cases:

  1. submitting an application to the HDPA for authorisation to transfer data outside the EU,
  2. submitting an application to the HDPA for approval of Binding Corporate Rules (BCR) and
  3. informing the HDPA of a data transfer to a non-EU country based on derogations.

It should be noted that the Schrems II judgment of the Court of Justice of the European Union abolished the adequacy decision concerning Privacy Shield while all transfer tools were affected. More on the developments in the Schrems II judgment is available here.