In those guidelines, it first clarifies what is meant by ‘transfer of personal data to a third country’. It then explains the conditions under which such a transfer may take place, depending on whether the third country in question has an adequacy decision or not, and develops the specific case of the EU-US data privacy framework (DPF). Interested organisations will also find information on the European Commission’s standard contractual clauses, Binding Corporate Rules (BCRs), codes of conduct or certification mechanisms used as transfer tools. Finally, the last section of the guidelines deals with derogations that can be used in specific situations for transfers of personal data to a third country in the absence of appropriate safeguards.
Change the language