1) The RGPD applies to your processing of the personal data you have transmitted. These are called “standard contractual clauses” (sometimes referred to as “standard clauses”). There are four sentences that the Commission adopted under the directive. They must be entered by the data exporter (headquartered in the EEA) and by the data importer (outside the EEA). If it is covered by a adequacy decision, you can continue with the limited transfer. Of course, you must continue to stick to the rest of the RGPD. When personal data is transferred to a country outside the EEA and the European Commission does not recognise as sufficiently protected, it can be transmitted if the organisation receiving the personal data has provided appropriate safeguards. In addition, the rights of individuals must be applicable and, after the transfer, effective remedies must be made available to individuals. Exception 2. Do you have a contract with the individual? Is the restricted transfer necessary for you to execute this contract? The transfer must comply with all general laws applicable to public registry disclosures. Where the registry is enshrined in law and access is granted only to those who have a legitimate interest, part of that assessment must take into account the data protection rights of persons whose personal data must be transmitted. This may include taking into account the risk to this personal data by transferring it to a country where protection is less guaranteed.
In practice, compliance with EU data protection legislation also means that customers need fewer authorisations from individual authorities to transmit personal data outside the EU, since most EU Member States do not need additional authorisation if the transfer is based on an agreement in accordance with the standard clauses. EU data protection legislation applies to the European Economic Area (EEA), which includes all EU countries and third countries Iceland, Liechtenstein and Norway. You should move on to the next section Is the transmission covered by appropriate security measures? You will find information about personal data at: RGPD: How the definition of personal data has changed. On 16 July 2020, the European Court of Justice (ECJ) issued a pioneering decision on international data transfers – Schrems II. In its decision, the ECJ overturned the European Commission`s adequacy decision on the data protection shield, which thousands of US companies relied on on the legal transfer of personal data from the EU to the US.