Modern technological ventures rely heavily on business partnerships, which very often require data transfers from one entity to another. The transfer of data can take place in a variety of directions, for example between entities either within the same country, or between entities within the European Union, or to third countries. The latter case requires more and more complex guarantees.
If your company identifies that, in its processing flows, it wishes to carry out a data transfer to a third country, it should first of all clarify two very basic questions that will determine the type of next steps necessary to ensure legality:
- Whether the intended processing is indeed a transfer of data to a third country or an international organisation: The criteria for the above determination were clarified in the recent 5/2021 European Data Protection Board guidelines (available here).
- Ensure that all necessary safeguards and guarantees (at legal, technical and organisational level) for the transfer to a third country are obtained, implemented and respected, taking into account the specific circumstances of the transfer on a case-by-case basis.
*Date of last visit, 17-2-2022
