Transfers of personal data

Transfers to third countries or international organization

If the controller of processor wants to transfer data to third countries (outside EU /EEA) or international organization, he has to meet criteria in article 6/1 of GDPR (in case of special categories of personal data, also article 9/2 of GDPR) and meet criteria in chapter V of GDPR. In any case, transfer of personal data are allowed only in full compliance of GDPR.  The need to comply with these additional conditions (chapter V of GDPR) results, in particular, from the fact that third countries have other privacy protection legislation that does not have to provide the same level of protection as that provided in the EU/EEA.

Transfers can be divided to:

• Transfers on the basis of an adequacy decision
• Transfers not on the basis of an adequacy decision