International Data Transfers (CIPP/E Exam)2023/2024

International Data Transfers (CIPP/E Exam)Rule for Transferring Data Outside of EEA - correct answers Transfers of PD outside of EEA may only take place subject to the following conditions: 1) Third country ensures adequate level of protection for the personal data as determined by Euroopeaen Commission 2) In absence oof that adequate level of protection, the controller or processor wishing to transfer the data provides appropriate safeguards on thee condition that enforceable data subject rights and effective legal remedies for data subjects are available 3) In the absence of an adequate level of protection or of appropriate safeguards, a transfer or set of transfers of personal data fits within one of the derogations for specific situations covered by the Regulation Transfer versus Transit - correct answers Processing in the third country completes the transfer. Therefore, the fact that personal data may be routed through a third country on the way from an EEAA country does not bring such transfer within the restriction of GDPR unless some substantive processing operation is conducted on the personal data in the third country Linqvist Case - correct answers An individual in a member state merely loading personal information onto a website the is hosted in that state or another member state so that the PD can be accessed by anyone who connects to the internet does not constitute a transfer onto a third country International Exchange of Info leading to transfer - correct answers Where there is an international exchange of info about individuals with the intention of automatically processing the PD after the exchange should be regarded as a transfer for purposes of GDPR, even if the original exchange does not qualify as processing. For example: Info is provided by someone in the EU over the telephone to someone in a third country, which then enters the info on ac computer Factors the Commission takes into account in determining whether third country has adequate protection - correct answers (a) the rule of law, respect for human rights and fundamental freedoms, relevant legislation, both general and sectoral, including concerning public security, defence, national security and criminal law and the access of public authorities to personal data, as well as the implementation of such legislation, data protection rules, professional rules and security measures, including rules for the onward transfer of personal data to another third country or international organisation which are complied with in that country or international organisation, case-law, as well as effective and enforceable data subject rights and effective administrative and judicial redress for the data subjects whose personal data are being transferred; (b) the existence and effective functioning of one or more independent supervisory authorities in the third country or to which an international organisation is subject, with responsibility for ensuring and enforcing compliance with the data protection rules, including adequate enforcement powers, for assisting and advising the data subjects in exercising their rights and for cooperation with the supervisory authorities of the Member States; and (c) the international commitments the third country or international organisation concerned has entered into, or other obligations arising from legally binding conventions or instruments as well as from its participation in multilateral or regional systems, in particular in relation to the protection of personal data. Countries Deemed to Have Adequate Protection - correct answers Andorra Argentina Canada (commercial organizations)