Transfers to third countries or international organization

Transfers to third countries or international organization

If the controller of processor wants to transfer data to third countries (outside EU /EEA) or international organization, he has to meet criteria in article 6/1 of GDPR (in case of special categories of personal data, also article 9/2 of GDPR) and meet criteria in chapter V of GDPR. In any case, transfer of personal data are allowed only in full compliance of GDPR.  The need to comply with these additional conditions (chapter V of GDPR) results, in particular, from the fact that third countries have other privacy protection legislation that does not have to provide the same level of protection as that provided in the EU/EEA.

 

Transfers can be divided to:

English

Transfers on the basis of an adequacy decision

04.08.2014 - 09:06

According article 45 of GDPR, a transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.

Commission has adopted adequacy decision according GDPR for:

Transfers not on the basis of an adequacy decision

31.07.2014 - 15:26

In the absence of an adequacy decision pursuant, a controller or processor may transfer personal data to a third country or an international organisation only if:

  1. The controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available (these are cumulative conditions). Then the controller or processor can choose from below mentioned options:

 

Desktop version
2019 Office for Personal Data Protection of the Slovak Republic