Arrange a Consultation

What are my GDPR data transfer responsibilities?

Mar 28 - Brian Siney

Featured in JEP’s Expert Panel – 28th March 2018


Very early into my conversations with clients about GDPR, the subject of data transfers always leads to interesting debate around the data controller’s responsibilities and what is realistically expected of them to demonstrate compliance.

The formal answer is to refer to A45 “Transfers on the basis of an adequacy decision” and A46 “Transfers subject to appropriate safeguards” of GDPR law and talk through the various options e.g. if transfers of EU citizens data is currently happening outside the EEA, then the preference would be to change to service providers located in the EEA or countries with “adequacy status” or make transfers under the approved standard model clause contracts or binding corporate rules contracts, if possible and if relevant.

The data controller or data processor is responsible for ensuring appropriate safeguards are in place, otherwise get the “explicit” consent from the data subject for this data transfer outside the EEA.

There are key provisions in place allowing transfers where it is required to perform a contract agreed with the data subject or where in the public interest or if in defence of legal claim or to protect the vital interests of the data subject or others.

Ensure Your Business is GDPR Compliant Today!

Contact me today and arrange a consultation…

Be Secure is a Jersey-based data consultancy business specialising in GDPR data protection, data privacy and cyber security. Leveraging extensive experience of founder Brian Siney, Be Secure offers a unique business focus and perspective for managing GDPR.

Send me a message

Call me on 07797 738743

More from the blog

Back to Blog home