Personal Data Transfer

Subscribe to Personal Data Transfer

On 13 April 2021, the European Data Protection Board (“EDPB“) adopted two opinions  (“Opinions“) concerning draft UK adequacy decisions published by the European Commission which would permit the free flow of personal data from the European Economic Area (“EEA“) to the UK in the post-Brexit world. The Opinions largely support the draft UK adequacy decisions and represent a positive step towards adoption of formal UK adequacy decisions. Nonetheless, organisations which transfer personal data from the EEA to the UK should continue to monitor the developments and keep planning for the possibility that the adequacy decisions, if adopted, could
Continue Reading European Data Protection Board Issues Opinions on European Commission’s Draft UK Adequacy Decisions

In an increasingly interconnected world, preserving the free flow of data across borders is crucial to the prosperity of businesses operating in every industry. But over the last year, there have been a number of important data protection developments in Europe that have a direct impact on the supply chain and distribution arrangements operated by organizations. These developments are restricting the ways in which businesses can share personal data within their organizations and with counterparties internationally. They include:
Continue Reading Data Protection Developments in Europe – Supply Chain and Distribution

A decision issued on 15 March 2021 by the Bavarian Data Protection Authority (“BayLDA”, publication pending) is the first German enforcement action in connection with last year’s decision of the Court of Justice of the European Union (“CJEU”, “CJEU’s Decision”) on the validity of the European Commission’s Standard Contractual Clauses (“SCCs”) and the EU-US Privacy Shield (C-311/18, more information available in our client alert). In the CJEU Decision, the court held that a transfer of personal data from the EU to third countries outside the European Economic Area (“EEA”) under the EU Standard Contractual Clauses will be permissible
Continue Reading German Data Protection Authority Decides on Supplementary Measures for International Data Transfers

The Spanish Data Protection Authority (“Agencia Espanola Proteccion Datos – AEPD”) has recently issued its highest fine to date, totaling €8.15 million for several breaches of GDPR and national legislation by a multinational telecommunication company and its service providers. Notably, €2 million of this fine was attributable to its service provider conducting an international transfer of personal data to a country that did not comply with the European data protection requirements.
Continue Reading Spanish Data Protection Authority Issues Highest GDPR Fine to Date

On 12 February 2019, the European Data Protection Board (EDPB) adopted an information note “on data transfers under the GDPR in the event of a no-deal Brexit.” According to the note, as of 30 March 2019, transfers of personal data from the European Economic Area (EEA) to the UK must be based either on Standard or ad hoc Data Protection Clauses, Binding Corporate Rules, Codes of Conduct, Certification Mechanisms or Derogations.
Continue Reading EDPB Issues Note on Data Transfers to the UK in the Event of a No-Deal Brexit