As mentioned under point 3, controllers and processors have to rely on appropriate safeguards to transfer personal data to countries outside the EEA not offering an adequate level of protection. One of the safeguards provided for by the GDPR is the use of standard contractual clauses adopted by the European Commission (Article 46, paragraph 2 letter c) of the GDPR) or adopted by a supervisory authority and approved by the European Commission (article 46, paragraph 2 letter d) of the GDPR). Another safeguard is the use of so called “ad hoc” contractual clauses written by data exporters and approved by a supervisory authority, which contain sufficient safeguards to protect the transfer of personal data (article 46, paragraph 3, letter a) of the GDPR). Both standard and “ad hoc” contractual clauses are binding contracts between those who send the data (data exporters) and those who receive them (data importers).
Change the language