Data transfers outside the EU
Make an inventory of the data flowing outside the EU.
Dernière mise à jour
Cet article vous a-t-il été utile ?
Make an inventory of the data flowing outside the EU.
Dernière mise à jour
Cet article vous a-t-il été utile ?
The transfer can be defined as any communication, copy or movement of personal data intended to be processed in a country outside the European Union.
Data transfers outside the European Union are prohibited as a matter of principle.
provide for exceptions to this prohibition. They provide for the use of tools to control this transfer:
an adequacy decision by the European Commission regarding certain countries ensuring an adequate level of protection;
standard contractual clauses (SCC) of the European Commission;
internal company rules (BCR);
specific contractual clauses (considered to comply with the European Commission's model clauses);
standard contractual clauses adopted by a supervisory authority and approved by the European Commission;
an approved code of conduct (including a binding and enforceable commitment by non-EU recipients to apply appropriate safeguards);
an approved certification scheme (including a binding and enforceable commitment by non-EU recipients to apply appropriate safeguards);
an administrative arrangement or a legally binding and enforceable text taken to enable cooperation between public authorities (Memorandum of Understanding or MMOU, international convention, etc.).
Derogations are provided for in . If a derogation justifies the transfer, the nature of the derogation must be indicated and, if necessary, the assessment of the circumstances of the transfer and the appropriate guarantees must be detailed.