SlideShare une entreprise Scribd logo

General Data Protection Regulation (GDPR) - Cross-Border Data Transfers

pi
pi

The General Data Protection Regulation will Impact all health data processing companies because of the growing importance of customer and patient data to the manufacturer’s business. All companies have to be compliant by 25th May 2018. This presentation gives an overview of all the possibilities included in the GDPR to allow Cross-Border Data Transfers to third countries.

Données & analyses
1  sur  22
pi | contact@3-14.com | www.3-14.com GDPR – Cross-Border Data Transfers
2 | pi © 2018 pi | contact@3-14.com | www.3-14.com • Update of the 1995 Data Protection Directive concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data • Impacts all health data processing companies because of the growing importance of customer and patient data to the manufacturer’s business • Most new rules and regulations do not allow grandfathering • Member States will have the opportunity to maintain or introduce further conditions with regard to the processing of genetic data, biometric data and data concerning health • All companies have to be compliant by 25th May 2018 GDPR - general
pi | contact@3-14.com | www.3-14.com Adequate Jurisdictions
4 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers are allowed when the transfer is being made to an Adequate Jurisdiction. This implies that the third country has received an Adequacy Decision from the European Commission. The Adequacy Decision is influenced by: • Legal protections for human rights and fundamental freedoms • Rule of law • Access of public authorities to transferred data • The existence of Data Protections Authorities and their functioning • Other international commitments and obligations regarding the protection of personal data Data Transfer to Adequate Jurisdictions
5 | pi © 2018 pi | contact@3-14.com | www.3-14.com Adequacy Decisions are subject to regular review by the European Commission: • Adequacy Decisions are periodically reviewed, at least every four years • Following the review, the status of Adequate Jurisdiction can be repealed, amended or suspended by the European Commission • Any change made to the Adequacy Decision following a review is not implemented retro-actively Review of Adequacy Decision
pi | contact@3-14.com | www.3-14.com Allowed safeguards
7 | pi © 2018 pi | contact@3-14.com | www.3-14.com In the absence of an Adequate Decision, a number of safeguards are allowed as a basis for Cross-Border Data Transfers: • Agreements between Public Authorities • Binding Corporate Rules • Model Clauses • DPA Clauses • Codes of Conduct • Certification Allowed safeguards
8 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers are allowed between public authorities: • Based on legally binding and enforceable agreements between these public authorities • Does not require any specific Data Protection Authority (DPA) authorisation • The public authorities ensure that the agreement is compliant with all GDPR requirements Agreements between Public Authorities
9 | pi © 2018 pi | contact@3-14.com | www.3-14.com In accordance with Article 47, Cross-Border Data Transfers are allowed based on Binding Corporate Rules (BCR): • The Binding Corporate Rules requires the approval by the competent DPA • Following the approval, no further DPA approval is necessary for personal data transfers made under the BCR Binding Corporate Rules
10 | pi © 2018 pi | contact@3-14.com | www.3-14.com Model Clauses are standard data protection clauses, as approved by the European Commission. DPA Clauses are the national alternatives to these Model Clauses. In both cases, any further DPA authorisation is not required. Model Clauses & DPA Clauses
11 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers can take place on the basis of an approved Code of Conduct, including binding and enforceable commitments of the controller or processor in the third country. Transfers made on this basis do not require DPA approval. The Code of Conduct itself however does require a DPA approval. Codes of Conduct
12 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers can take place on the basis of a DPA-approved Certification, together with binding and enforceable commitments of the controller or processor to apply all appropriate safeguards. Transfers made on this basis do not require DPA approval. The Certification itself however does require a DPA approval. Certification
pi | contact@3-14.com | www.3-14.com Derogations
14 | pi © 2018 pi | contact@3-14.com | www.3-14.com Next to transfer to Adequate Jurisdiction or under the allowed Safeguards, a number of exceptions from the GDPR on the transfer of personal data outside the EU without adequate protections are possible: • Specific situations related to the Data Subject • Public Interest • Legal Claims • Public Register • Compelling Legitimate Interests • Administrative Arrangements • Third Country Judgement and Decisions Possible Derogations
15 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible whenever: • The Data Subject has given explicit consent, after having been clearly informed of all risks related to such a transfer. • The transfer is necessary for the performance of a contract between data subject and data controller or the implementation of pre-contractual measures taken in response to the data subject’s request. • The transfer is necessary for the performance or conclusion of a contract between data controller and a third party, provided the transfer is in the interest of the data subject. • The transfer is necessary in order to protect the data subject’s or other persons’ vital interests, provided the data subject is physically or legally incapable of giving consent. Specific situations related to the Data Subject
16 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible when the transfer is necessary for important reasons of public interest The cited reasons of public interest need to be recognised in the European Union’s law or in the law of the Member Stats to which the data controller is subject. Public Interest
17 | pi © 2018 pi | contact@3-14.com | www.3-14.com The transfer is necessary for the establishment, exercise or defence of legal claims. Legal Claims
18 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is allowed when the transferred data are taken from: • From a register which is open to the public • Or a register that is, upon request, open to any person who can demonstrate a legitimate interest in inspecting it However, this derogation does not permit the Cross-Border Data Transfer of the entire register. Public Register
19 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible on the basis of administrative arrangements between different public authorities, provided that the data subject’s rights are adequately protected. These transfers require approval from the relevant DPA. Administrative Arrangements
20 | pi © 2018 pi | contact@3-14.com | www.3-14.com A judgment from a third country, requiring a Cross-Border Data Transfer, only provides a lawful basis for such a transfer if the transfer is based on an appropriate international agreement, such as a Mutual Legal Assistance Treaty. These transfers require approval from the relevant DPA. Third country judgements and decisions
21 | pi © 2018 pi | contact@3-14.com | www.3-14.com The final possible derogation allows for great flexibility but also requires a strict and detailed internal documentation. If a Data Transfer is not possible based on any of the derogations above, a transfer to a third country or international organisation is possible for the purpose of compelling legitimate interests if: • The transfer is not repetitive • It concerns a limited number of data subjects • Suitable safeguards are put in place for the personal data • The cited legitimate interests do not override the interests or rights and freedoms of the data subjects concerned • Both the relevant DPA’s and the data subjects are informed about the transfer Compelling legitimate interests
22 | pi © 2018 pi | contact@3-14.com | www.3-14.com General Data Protection Regulation Transfers of personal data to third countries or international organisations Chapter 13: Cross-Border Data Transfers – Unlocking the EU General Data Protection Regulation Top 10 operational impacts of the GDPR: Part 4 - Cross-border data transfers Sources

Recommandé

Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?
Patrick Soenen
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
Martin Hawksey
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
SPIN Chennai
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 

Recommandé

Data transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPRData transfers to countries outside the EU/EEA under the GDPR
Data transfers to countries outside the EU/EEA under the GDPR
IT Governance Ltd
 
GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?
Patrick Soenen
 
GDPR and Security.pdf
GDPR and Security.pdfGDPR and Security.pdf
GDPR and Security.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...General Data Protection Regulations (GDPR): Do you understand it and are you ...
General Data Protection Regulations (GDPR): Do you understand it and are you ...
Cvent
 
What about GDPR?
What about GDPR?What about GDPR?
What about GDPR?
Martin Hawksey
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
SPIN Chennai
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
BCC - Solutions for IBM Collaboration Software
 
International Data Transfer Update
International Data Transfer UpdateInternational Data Transfer Update
International Data Transfer Update
TrustArc
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
Trish McGinity, CCSK
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
Priyab Satoshi
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
IT Governance Ltd
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
WilmerHale
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
DipanjanDey12
 
GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
Piwik PRO
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
Marketing Team at Crown Worldwide Group
 
DPIA
DPIADPIA
DPIA
Martyn Ripley
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)
Kimberly Simon MBA
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to Compliance
Tinuiti
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
Jane Lambert
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
Eryk Budi Pratama
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
IT Governance Ltd
 
Data privacy impact assessment
Data privacy impact assessmentData privacy impact assessment
Data privacy impact assessment
Stephen Owen
 
Gdpr overview ciso platform presentation
Gdpr overview ciso platform presentationGdpr overview ciso platform presentation
Gdpr overview ciso platform presentation
Priyanka Aash
 
The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?
TAG Alliances
 
GDPR: why your contracts need updating
GDPR: why your contracts need updatingGDPR: why your contracts need updating
GDPR: why your contracts need updating
Brian Miller, Solicitor
 

Contenu connexe

Tendances

General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
SaimaRafiq
 

Tendances (20)

GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPR
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
Privacy and Data Security
Privacy and Data SecurityPrivacy and Data Security
Privacy and Data Security
 
GDPR
GDPRGDPR
GDPR
 
Presentation on GDPR
Presentation on GDPRPresentation on GDPR
Presentation on GDPR
 
GDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to KnowGDPR Data Subject Rights - What You Need to Know
GDPR Data Subject Rights - What You Need to Know
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
DPIA
DPIADPIA
DPIA
 
EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)EU's General Data Protection Regulation (GDPR)
EU's General Data Protection Regulation (GDPR)
 
The Data Protection Act
The Data Protection ActThe Data Protection Act
The Data Protection Act
 
California Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to ComplianceCalifornia Consumer Privacy Act (CCPA): Countdown to Compliance
California Consumer Privacy Act (CCPA): Countdown to Compliance
 
GDPR Introduction and overview
GDPR Introduction and overviewGDPR Introduction and overview
GDPR Introduction and overview
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
 
Data privacy impact assessment
Data privacy impact assessmentData privacy impact assessment
Data privacy impact assessment
 
Gdpr overview ciso platform presentation
Gdpr overview ciso platform presentationGdpr overview ciso platform presentation
Gdpr overview ciso platform presentation
 

Similaire à General Data Protection Regulation (GDPR) - Cross-Border Data Transfers

Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & Implications
TrustArc
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
Jan Dhont
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...
Carrenza
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
TrustArc
 
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementCCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
TrustArc
 

Similaire à General Data Protection Regulation (GDPR) - Cross-Border Data Transfers (20)

The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?The GDPR: What About Data Stored or Transmitted Outside the EU?
The GDPR: What About Data Stored or Transmitted Outside the EU?
 
GDPR: why your contracts need updating
GDPR: why your contracts need updatingGDPR: why your contracts need updating
GDPR: why your contracts need updating
 
Revising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPRRevising policies and procedures under the new EU GDPR
Revising policies and procedures under the new EU GDPR
 
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?
 
GDPRR: The Key Changes
GDPRR: The Key ChangesGDPRR: The Key Changes
GDPRR: The Key Changes
 
EU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor ReplacementEU-US Privacy Shield - Safe Harbor Replacement
EU-US Privacy Shield - Safe Harbor Replacement
 
Post US Election Privacy Updates & Implications
Post US Election Privacy Updates & ImplicationsPost US Election Privacy Updates & Implications
Post US Election Privacy Updates & Implications
 
GDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud ProvidersGDPR: Requirements for Cloud Providers
GDPR: Requirements for Cloud Providers
 
2015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 050520152015-0318 GAC Presentation - BCR - 05052015
2015-0318 GAC Presentation - BCR - 05052015
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...
 
Are You Prepared for the GDPR?
Are You Prepared for the GDPR?Are You Prepared for the GDPR?
Are You Prepared for the GDPR?
 
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...
 
Personal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data PrivacyPersonal Data Protection Act - Employee Data Privacy
Personal Data Protection Act - Employee Data Privacy
 
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st EnforcementCCPA Update: What You Need to Know about CPRA & July 1st Enforcement
CCPA Update: What You Need to Know about CPRA & July 1st Enforcement
 
How to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive AdvantageHow to Turn GDPR into a Competitive Advantage
How to Turn GDPR into a Competitive Advantage
 
GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands GDPR: data needs to be in safe hands
GDPR: data needs to be in safe hands
 
Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)Infographic : What's going to change with the GDPR (2018)
Infographic : What's going to change with the GDPR (2018)
 
General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...General Data Protection Regulation: what do you need to do to get prepared? -...
General Data Protection Regulation: what do you need to do to get prepared? -...
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
GDPR: Are you Ready?
GDPR: Are you Ready?GDPR: Are you Ready?
GDPR: Are you Ready?
 

Plus de pi

Plus de pi (16)

Software as a Medical Device (SaMD) - IMDRF Definition and Categorisation
Software as a Medical Device (SaMD) - IMDRF Definition and CategorisationSoftware as a Medical Device (SaMD) - IMDRF Definition and Categorisation
Software as a Medical Device (SaMD) - IMDRF Definition and Categorisation
 
Analytical Target Profile (ATP) - Structure and Application Throughout the An...
Analytical Target Profile (ATP) - Structure and Application Throughout the An...Analytical Target Profile (ATP) - Structure and Application Throughout the An...
Analytical Target Profile (ATP) - Structure and Application Throughout the An...
 
The life sciences industry in 2018
The life sciences industry in 2018The life sciences industry in 2018
The life sciences industry in 2018
 
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
 
Analytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revisionAnalytical Instrument Qualification - USP chapter 1058 revision
Analytical Instrument Qualification - USP chapter 1058 revision
 
FDA QMP - Practicalities of the program
FDA QMP - Practicalities of the programFDA QMP - Practicalities of the program
FDA QMP - Practicalities of the program
 
ICH Q3D - Elemental impurities in pharmaceutical products
ICH Q3D - Elemental impurities in pharmaceutical productsICH Q3D - Elemental impurities in pharmaceutical products
ICH Q3D - Elemental impurities in pharmaceutical products
 
The European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final textThe European Medical Device Regulations - analysis of the final text
The European Medical Device Regulations - analysis of the final text
 
Quality Metrics Program - Impact & Challenges
Quality Metrics Program - Impact & ChallengesQuality Metrics Program - Impact & Challenges
Quality Metrics Program - Impact & Challenges
 
Pharmacovigilance and product quality assessment
Pharmacovigilance and product quality assessmentPharmacovigilance and product quality assessment
Pharmacovigilance and product quality assessment
 
Pharmacovigilance - Processes & Challenges
Pharmacovigilance - Processes & ChallengesPharmacovigilance - Processes & Challenges
Pharmacovigilance - Processes & Challenges
 
Data integrity - the review process
Data integrity - the review processData integrity - the review process
Data integrity - the review process
 
Data Integrity webinar - Essentials & Solutions
Data Integrity webinar - Essentials & SolutionsData Integrity webinar - Essentials & Solutions
Data Integrity webinar - Essentials & Solutions
 
Data Integrity - the ALCOA model
Data Integrity - the ALCOA modelData Integrity - the ALCOA model
Data Integrity - the ALCOA model
 
pi life sciences consultancy
pi life sciences consultancypi life sciences consultancy
pi life sciences consultancy
 
Webinar: "The future of European Medical Device Regulations"
Webinar: "The future of European Medical Device Regulations"Webinar: "The future of European Medical Device Regulations"
Webinar: "The future of European Medical Device Regulations"
 

Dernier

Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1
ranjankumarbehera14
 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
nirzagarg
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
kumargunjan9515
 
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
HyderabadDolls
 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
gajnagarg
 
Dubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls DubaiDubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls Dubai
kojalkojal131
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
nirzagarg
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
SayantanBiswas37
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
kumargunjan9515
 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
HyderabadDolls
 
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
gragchanchal546
 
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
HyderabadDolls
 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
gajnagarg
 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
nirzagarg
 

Dernier (20)

Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1Lecture_2_Deep_Learning_Overview-newone1
Lecture_2_Deep_Learning_Overview-newone1
 
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Satna [ 7014168258 ] Call Me For Genuine Models We ...
 
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
Top Call Girls in Balaghat 9332606886Call Girls Advance Cash On Delivery Ser...
 
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
Sealdah % High Class Call Girls Kolkata - 450+ Call Girl Cash Payment 8005736...
 
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
Top profile Call Girls In Latur [ 7014168258 ] Call Me For Genuine Models We ...
 
Dubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls DubaiDubai Call Girls Peeing O525547819 Call Girls Dubai
Dubai Call Girls Peeing O525547819 Call Girls Dubai
 
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
Top profile Call Girls In Begusarai [ 7014168258 ] Call Me For Genuine Models...
 
Digital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham WareDigital Transformation Playbook by Graham Ware
Digital Transformation Playbook by Graham Ware
 
Computer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdfComputer science Sql cheat sheet.pdf.pdf
Computer science Sql cheat sheet.pdf.pdf
 
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Vadodara [ 7014168258 ] Call Me For Genuine Models ...
 
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
High Profile Call Girls Service in Jalore { 9332606886 } VVIP NISHA Call Girl...
 
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
SAC 25 Final National, Regional & Local Angel Group Investing Insights 2024 0...
 
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With OrangePredicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
Predicting HDB Resale Prices - Conducting Linear Regression Analysis With Orange
 
20240412-SmartCityIndex-2024-Full-Report.pdf
20240412-SmartCityIndex-2024-Full-Report.pdf20240412-SmartCityIndex-2024-Full-Report.pdf
20240412-SmartCityIndex-2024-Full-Report.pdf
 
Ranking and Scoring Exercises for Research
Ranking and Scoring Exercises for ResearchRanking and Scoring Exercises for Research
Ranking and Scoring Exercises for Research
 
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
Gomti Nagar & best call girls in Lucknow | 9548273370 Independent Escorts & D...
 
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
Gulbai Tekra * Cheap Call Girls In Ahmedabad Phone No 8005736733 Elite Escort...
 
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
Nirala Nagar / Cheap Call Girls In Lucknow Phone No 9548273370 Elite Escort S...
 
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
Top profile Call Girls In Chandrapur [ 7014168258 ] Call Me For Genuine Model...
 
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
Top profile Call Girls In Tumkur [ 7014168258 ] Call Me For Genuine Models We...
 

General Data Protection Regulation (GDPR) - Cross-Border Data Transfers

  • 1. pi | contact@3-14.com | www.3-14.com GDPR – Cross-Border Data Transfers
  • 2. 2 | pi © 2018 pi | contact@3-14.com | www.3-14.com • Update of the 1995 Data Protection Directive concerning the protection of natural persons with regard to the processing of personal data and the free movement of such data • Impacts all health data processing companies because of the growing importance of customer and patient data to the manufacturer’s business • Most new rules and regulations do not allow grandfathering • Member States will have the opportunity to maintain or introduce further conditions with regard to the processing of genetic data, biometric data and data concerning health • All companies have to be compliant by 25th May 2018 GDPR - general
  • 3. pi | contact@3-14.com | www.3-14.com Adequate Jurisdictions
  • 4. 4 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers are allowed when the transfer is being made to an Adequate Jurisdiction. This implies that the third country has received an Adequacy Decision from the European Commission. The Adequacy Decision is influenced by: • Legal protections for human rights and fundamental freedoms • Rule of law • Access of public authorities to transferred data • The existence of Data Protections Authorities and their functioning • Other international commitments and obligations regarding the protection of personal data Data Transfer to Adequate Jurisdictions
  • 5. 5 | pi © 2018 pi | contact@3-14.com | www.3-14.com Adequacy Decisions are subject to regular review by the European Commission: • Adequacy Decisions are periodically reviewed, at least every four years • Following the review, the status of Adequate Jurisdiction can be repealed, amended or suspended by the European Commission • Any change made to the Adequacy Decision following a review is not implemented retro-actively Review of Adequacy Decision
  • 6. pi | contact@3-14.com | www.3-14.com Allowed safeguards
  • 7. 7 | pi © 2018 pi | contact@3-14.com | www.3-14.com In the absence of an Adequate Decision, a number of safeguards are allowed as a basis for Cross-Border Data Transfers: • Agreements between Public Authorities • Binding Corporate Rules • Model Clauses • DPA Clauses • Codes of Conduct • Certification Allowed safeguards
  • 8. 8 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers are allowed between public authorities: • Based on legally binding and enforceable agreements between these public authorities • Does not require any specific Data Protection Authority (DPA) authorisation • The public authorities ensure that the agreement is compliant with all GDPR requirements Agreements between Public Authorities
  • 9. 9 | pi © 2018 pi | contact@3-14.com | www.3-14.com In accordance with Article 47, Cross-Border Data Transfers are allowed based on Binding Corporate Rules (BCR): • The Binding Corporate Rules requires the approval by the competent DPA • Following the approval, no further DPA approval is necessary for personal data transfers made under the BCR Binding Corporate Rules
  • 10. 10 | pi © 2018 pi | contact@3-14.com | www.3-14.com Model Clauses are standard data protection clauses, as approved by the European Commission. DPA Clauses are the national alternatives to these Model Clauses. In both cases, any further DPA authorisation is not required. Model Clauses & DPA Clauses
  • 11. 11 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers can take place on the basis of an approved Code of Conduct, including binding and enforceable commitments of the controller or processor in the third country. Transfers made on this basis do not require DPA approval. The Code of Conduct itself however does require a DPA approval. Codes of Conduct
  • 12. 12 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfers can take place on the basis of a DPA-approved Certification, together with binding and enforceable commitments of the controller or processor to apply all appropriate safeguards. Transfers made on this basis do not require DPA approval. The Certification itself however does require a DPA approval. Certification
  • 13. pi | contact@3-14.com | www.3-14.com Derogations
  • 14. 14 | pi © 2018 pi | contact@3-14.com | www.3-14.com Next to transfer to Adequate Jurisdiction or under the allowed Safeguards, a number of exceptions from the GDPR on the transfer of personal data outside the EU without adequate protections are possible: • Specific situations related to the Data Subject • Public Interest • Legal Claims • Public Register • Compelling Legitimate Interests • Administrative Arrangements • Third Country Judgement and Decisions Possible Derogations
  • 15. 15 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible whenever: • The Data Subject has given explicit consent, after having been clearly informed of all risks related to such a transfer. • The transfer is necessary for the performance of a contract between data subject and data controller or the implementation of pre-contractual measures taken in response to the data subject’s request. • The transfer is necessary for the performance or conclusion of a contract between data controller and a third party, provided the transfer is in the interest of the data subject. • The transfer is necessary in order to protect the data subject’s or other persons’ vital interests, provided the data subject is physically or legally incapable of giving consent. Specific situations related to the Data Subject
  • 16. 16 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible when the transfer is necessary for important reasons of public interest The cited reasons of public interest need to be recognised in the European Union’s law or in the law of the Member Stats to which the data controller is subject. Public Interest
  • 17. 17 | pi © 2018 pi | contact@3-14.com | www.3-14.com The transfer is necessary for the establishment, exercise or defence of legal claims. Legal Claims
  • 18. 18 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is allowed when the transferred data are taken from: • From a register which is open to the public • Or a register that is, upon request, open to any person who can demonstrate a legitimate interest in inspecting it However, this derogation does not permit the Cross-Border Data Transfer of the entire register. Public Register
  • 19. 19 | pi © 2018 pi | contact@3-14.com | www.3-14.com Cross-Border Data Transfer is possible on the basis of administrative arrangements between different public authorities, provided that the data subject’s rights are adequately protected. These transfers require approval from the relevant DPA. Administrative Arrangements
  • 20. 20 | pi © 2018 pi | contact@3-14.com | www.3-14.com A judgment from a third country, requiring a Cross-Border Data Transfer, only provides a lawful basis for such a transfer if the transfer is based on an appropriate international agreement, such as a Mutual Legal Assistance Treaty. These transfers require approval from the relevant DPA. Third country judgements and decisions
  • 21. 21 | pi © 2018 pi | contact@3-14.com | www.3-14.com The final possible derogation allows for great flexibility but also requires a strict and detailed internal documentation. If a Data Transfer is not possible based on any of the derogations above, a transfer to a third country or international organisation is possible for the purpose of compelling legitimate interests if: • The transfer is not repetitive • It concerns a limited number of data subjects • Suitable safeguards are put in place for the personal data • The cited legitimate interests do not override the interests or rights and freedoms of the data subjects concerned • Both the relevant DPA’s and the data subjects are informed about the transfer Compelling legitimate interests
  • 22. 22 | pi © 2018 pi | contact@3-14.com | www.3-14.com General Data Protection Regulation Transfers of personal data to third countries or international organisations Chapter 13: Cross-Border Data Transfers – Unlocking the EU General Data Protection Regulation Top 10 operational impacts of the GDPR: Part 4 - Cross-border data transfers Sources