European Data Protection Board issues guidelines on data transfer scope
May 19, 2022
On November 19, 2021 the European Data Protection Board (EDPB) published new Guidelines regarding the interplay between Article 3 of the GDPR – which sets out the GDPR’s territorial scope – and the provisions on international transfers in Chapter V of the GDPR. The Guidelines aim to provide clarification as to what constitutes an international transfer, and how to implement a lawful transfer in accordance with GPPR if making such a transfer.The Guidelines provide three cumulative criteria that would categorise data processing as a transfer of personal data to a third country or an international organisation.
Key things to know
- The data exporter (a controller or processor) is subject to the GDPR for the given processing;
- The data exporter transmits or makes available the personal data to the data importer (another controller, joint controller or processor);
- The data importer is in a third country or is an international organisation.
The full guidelines can be foundhere