GDPR, which turns into law on 25 May 2018, is like the existing Data Protection Order in the way it means to a cross-boundary transfer of files, however, it’s more categorical about the different protections that must be ready in order for a business or organization to shift files to a third country.
What are the laws surrounding cross-boundary files transfer?
The cross-boundary transfer of files is allowed in specific conditions;
- Where the European Commission has made a decision that the country has laws in place which offer for a satisfactory level of files safety.
- In certain conditions where usual contractual sections or binding corporate laws (BCRs) are in place.
- Where there are specific additional situations which imply that a derogation is allowed.
Modifications that have accompanied the GDPR
Two of the main modifications between the GDPR and the Data Protection Directive are to do with Binding corporate rules and usual contractual sections. The GDPR unequivocally recognizes the requirement for Binding corporate rules which implies that any European Union countries which didn’t recognize them earlier now need to. Earlier, usual contractual sections needed to be authorized by the relevant data protection authority (DPA). This is no more the case controlled by GDPR.
Which sections of the GDPR manage cross-boundary files transfer?
If you desire to know more about the laws concerning cross-boundary files transfer, you can have a look at the GDPR clauses which control them. These clauses are:
- Article 45 deals with the transferal of files established on a decision of acceptability.
- Article 46 takes into account the use of other protections.
- Article 47 deals with Binding corporate rules.
- Article 49 refers to detractions.
It becomes clear that there are many circumstances where files can be shifted cross-boundary, however, protections must be in place in order for organizations or businesses to abide by the GDPR.