London – 020 305 68855         Cornwall – 01726 247047


Do you have a branch or an office outside of the EEA?

If you transfer personal data from people in the EU (employee or customers) to non-adequate countries outside of the EEA then you will need  a transfer safeguard.


What is a data transfer?

Transfers of personal data by any business in the European Economic Area (“EEA”) to outside the EEA e.g. where data is to be held on servers abroad, or emails or attachments containing personal data are sent to recipients abroad, are unlawful unless within narrow exceptions. “Transfers” in this context also include remote screen access in the US to data held on servers in the EEA. Personal data is interpreted broadly in Europe and is wider than Personally Identifiable Information (“PII”).

Screen Shot 2018-06-07 at 13.17.44

When is a data transfer lawful?

The recipient country must “ensure an adequate level of protection” for personal data and the rights of individuals in respect of their personal details. One method of making such data transfers lawful is to ensure the data is offered “adequate safeguards”. Safe harbor used to provide an adequate safeguard but other solutions are now needed in its place.


Model clauses

European data protection laws allow the European Commission to make decisions about the adequacy of protection for personal data in respect of transfers which are binding on EU member states. These laws recognise that if a data exporter adopts the “standard contractual clauses” adopted by the European Commission, this will provide an adequate safeguard as required by law. Standard contractual clauses are also known as model clauses and EU model contracts.

Please contact us for assistance.

Contact Us

  • 02030 568855
  • 01726 247047
Sapphire Consulting Group Ltd is a limited company registered in England and Wales.

Registration number: 10427754. Registered office: Central Point, Beech Street, London EC2Y 8AD.

VAT Registration number: 285986235

ICO Registration number: ZA342346