International data transfer
The General Data Protection Regulation (GDPR) provides special rules for the transfer of personal data to countries outside the EU or the EEA (so-called third countries). Our lawyers explain how data controllers can transfer data in compliance with the law.
New standard contractual clauses for GDPR data importers
The EU is planning new standard contractual clauses for data recipients in third countries that are already subject to the GDPR. We explain why this could finally bring legal certainty and avoid the threat of fines.
Adequacy decisions: review of 11 third countries
The EU Commission has confirmed the adequacy decisions of eleven third countries in its first review of these. Third-country transfers based on the adequacy decisions may thus continue.
EU-U.S. Data Privacy Framework
Everything EU companies need to know about the EU-U.S. Data Privacy Framework – explained simply by lawyers.
EDPB defines third country transfers
The new EDPB Guidelines clarify the applicability of the provisions of the GDPR on third country transfers – particularly relevant for non-EU companies bound by the GDPR.
Draft adequacy decision on the EU-U.S. Data Privacy Framework
Will the transfer of personal data to the U.S. soon be possible again without further data protection guarantees?
EU-U.S. Data Privacy Framework: Privacy Shield 2.0 or Schrems III?
The U.S. government and EU Commission announce a new version of the transatlantic data protection agreement. Is legal certainty finally coming, or just a new court case?
Data transfers to Russia
What do data controllers have to consider if they currently want to export personal data to Russia or have it processed there? The EDPB gives specific recommendations.
China releases draft SCCs for international data transfers
Standard Contractual Clauses will be a tool for the lawful transfer of personal data outside of China. We explain the proposed SCCs and the meaning for (data-driven) businesses.
EDPB published draft guidelines on certification as a data transfer tool
Approved certification mechanisms can be a tool for transferring personal data to third countries in the absence of an adequacy decision. The EDPB has now published draft guidelines on this.
The new Connecticut Data Protection Act (CTDPA)
Connecticut introduces new privacy law: An act concerning personal data privacy and online monitoring. Which companies are affected and what obligations arise from the new law?
When do the GDPR provisions apply to non-EU businesses?
A clarification of several key issues helps companies outside the EU answer the difficult question of whether they have to comply with European data protection laws.
EDPB requires improvements to adequacy decision for the United Kingdom
The opinion of the European Data Protection Board on the adequacy decision of the EU Commission and possible impacts on data transfers in the United Kingdom.
Standard Contractual Clauses for third country transfers (new version of 2021)
The newly published standard contractual clauses provide more legal certainty and flexibility – but also come with more workload for businesses. Here is what to expect.
Transfer to third countries according to Art. 49 GDPR
The derogation in the GDPR allows data to be transferred to third countries without data protection guarantees. The question is under what conditions these exceptions apply.
Data transfers between the EU and third states after the EU-U.S. Privacy Shield
The CJEU invalidation of the EU-U.S. Privacy Shield posed a number of questions for companies and organisations transferring data to the U.S. or third countries, to which the EDPB provides answers in a recently published statement.
