firstname.lastname@example.org London – 020 305 68855 Cornwall – 01726 247047
Do you have a branch or an office outside of the EEA?
If you transfer personal data from people in the EU (employee or customers) to non-adequate countries outside of the EEA then you will need a transfer safeguard.
What is a data transfer?
Transfers of personal data by any business in the European Economic Area (“EEA”) to outside the EEA e.g. where data is to be held on servers abroad, or emails or attachments containing personal data are sent to recipients abroad, are unlawful unless within narrow exceptions. “Transfers” in this context also include remote screen access in the US to data held on servers in the EEA. Personal data is interpreted broadly in Europe and is wider than Personally Identifiable Information (“PII”).
When is a data transfer lawful?
The recipient country must “ensure an adequate level of protection” for personal data and the rights of individuals in respect of their personal details. One method of making such data transfers lawful is to ensure the data is offered “adequate safeguards”. Safe harbor used to provide an adequate safeguard but other solutions are now needed in its place.
European data protection laws allow the European Commission to make decisions about the adequacy of protection for personal data in respect of transfers which are binding on EU member states. These laws recognise that if a data exporter adopts the “standard contractual clauses” adopted by the European Commission, this will provide an adequate safeguard as required by law. Standard contractual clauses are also known as model clauses and EU model contracts.
Please contact us for assistance.
Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.
VAT Registration number: 285986235
ICO Registration number: ZA342346