3.3. Codes of conduct and certification mechanisms

Since the entry into force of the GDPR on 25 May 2018, new transfer mechanisms are available to controllers or processors, who intend to transfer personal data to a third country with no adequate level of protection. These are:

  • approved codes of conduct pursuant to Article 40 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights, and
  • approved certification mechanisms pursuant to Article 42 of the GDPR together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects' rights.

Dernière mise à jour