by smu
3054 days ago
Sure thing, that's described in articles 44-50.
In short:

1) if the EU has declared a country "adequate", you can transfer data (there is a list of adequate countries. Canada is on it, the US with Privacy Shield too)

2) in absence of an adequacy decision, there are other possibilities: binding corporate rules (internal rules for data transfers within multinational companies[1]), contractual arrangements (for example, the EU approved clauses), adherence to a code of conduct with a binding commitment (look at this like some kind of "privacy certification")

3) Finally, if the above are not possible, a transfer is still possible if the subject gives consent after being informed of all risks.

So, for the sake of debate: I would go with either binding corporate rules (in case of a multinational) or contractual arrangements.

[1] https://ec.europa.eu/info/law/law-topic/data-protection/data...