Search

Any controller wishing to transfer personal data outside the EEA must first ensure that the country of destination offers an adequate level of protection. If the level of protection of the destination country can be considered adequate, the personal data...

Derogations under Article 49 are exemptions from the general principle that personal data may only be transferred to third countries if an adequate level of protection is provided for in the third country or if appropriate safeguards have been adduced

International data transfers Any transfer of personal data, which are undergoing processing or which will be processed after the transfer, to a

Data exporters can use a series of appropriate safeguards enabling transfers to countries not offering an adequate level of protection. One of these safeguards is the possibility for controllers to offer adequate protection through a contract, which is binding for...

Binding Corporate Rules ("BCRs") help ensure an adequate level of protection for data exchanged within a group of companies located both inside and outside the European Economic Area, and are ideal for a multinational group of companies that carries out...

Since the entry into force of the GDPR on 25 May 2018, new transfer mechanisms are available to controllers or processors, who intend to transfer personal data to a third country with no adequate level of protection. These are: approved

Transfers from a Luxembourg public authority or body to another public authority or body in a third country (i.e. outside the European Economic Area) may take place: with a legally binding and enforceable instrument between public authorities or bodies

When a country outside the EEA is not recognised by the European Commission as offering an adequate level of protection, there are several options that can be used to transfer personal data to these countries. The CNPD recommends, as its

EU data protection rules apply to the European Economic Area and personal data may therefore be transferred freely between these countries, provided that the processing complies with the general principles of the GDPR (e.g. lawfulness of processing,  compatibility

Transfers of personal data may take place between different countries in the context of international cooperation in the field of Police and Justice, in accordance with existing international agreements or treaties. Cross-national supervisory authorities (e.g. Europol, Eurojust) apply

Le nouveau règlement renforce les droits existants et octroie aux individus une maîtrise accrue de leurs données personnelles, grâce à : Un droit à l'effacement des données élargi et un « droit à l'oubli » Lorsqu'une personne ne souhaite plus que

La réforme de la protection des données est un ensemble de mesures législatives proposé par la Commission européenne en 2012 pour actualiser et moderniser les règles contenues dans la directive de 1995 sur la protection des données (Directive 95/46/CE) et dans

La réforme apporte clarté et cohérence en ce qui concerne les règles à appliquer, et rétablit la confiance du consommateur, ce qui permettra aux entreprises de tirer pleinement parti des possibilités offertes par le marché unique numérique. Pour les entreprises, la

Le nouveau règlement prévoit un rôle plus important pour les autorités de protection des données tel que la CNPD. Ds amendes administratives dissuasives pourront être infligées en cas de traitement illicite ou d'abus constatés dans le cadre de l'utilisation de données

Thematic dossiers. The page is not available in English. At the moment, the English version is limited to sections that we consider to be of particular interest for our international visitors.