Context:

Personal data can be exposed to additional risk when that data is transferred outside the country of origin.  The EU also makes the assumption that if information is transferred outside of a member state that the data is at an even great risk.

Considerations:

International transfers are not always overt. When considering if these transfers apply to your organisation ensure you consider the following:

  • Systems and services not within your organisations physical locations
  • Data storage facilities both hard copy paper and computerised records
  • Software or systems not based on your own hardware (cloud services)
  • Systems/storage/services provided by partners and suppliers that you work with

The EU has identified what it considers to be safe countries or jurisdictions. In addition to the 28 member states the following countries have agreements in place for data transfers:

  • Andorra, Argetina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, United States

If personal data is being transferred to one of these countries it may be permissible.

How to:

Start by understanding what data you have and where you transfer it. Performing a simple data mapping exercise is a good first step.

If you do find that you are transferring data overseas a first step would be to understand and check the safeguards and security permissions put in place by the receiving party.

Further than this, it would be a good idea to seek specialist or legal advice. International transfers of personal data have many, many scenarios and generic advice could put your organisation at risk.

References:

  • GDPR Recitals: 60, 61, 101-115
  • GDPR Articles 13, 14, 15, 30, 45, 46, 49

How Gydeline helps

We, at Gydeline, help organisations of all types and sizes to save money and time through better and simpler compliance.  We do this with software and services.

If you would like to discuss any aspects of dealing with this and other risks in your business we are always happy to offer some, no obligation assistance – just contact us.

Related Posts

Archives