A free flow of personal data is permitted within the Economic Economic Area (EEA) (being the EU member states plus Iceland, Lichtenstein and Norway) and the these countries are, in turn, obliged to be bound to the data protection prescripts contained in the EU General Data Protection Regulation (GDPR). However, the application of the GDPR reaches beyond the EEA jurisdictional borders in that the processing of personal data of EEA residents must abide by GDPR prescripts even when such processing occurs outside Europe. Thus, a transfer of personal data to third countries (i.e. countries outside the EEA) is subject to a long and arduous regulation.
While the GDPR has been criticised for hampering international trade outside of the EU, surveys show the growing importance placed on high standards pertaining to the protection of personal data. Also, an increase in media reports show that businesses and individuals pay hefty fines for failures to uphold the GDPR.
We are a global company headquartered in Germany and we are in intimate proximity with all the latest regulatory developments and trends pertaining to international data transfer. We live our core values of data protection and information security, and we strive to instill these values to protect personal data and to help our clients operate responsibly, wherever they may be. Utilising modern consulting methods, state-of-the-art technology and holistic, future-proof approaches, we guide our clients to smart solutions for safe data transfer worldwide. The goal is to reach far beyond the compliance with regulatory prescripts to changed mindsets and greater business success for our clients and partners.
GDPR recommended and our service guideline
To ensure accountability, companies need clear records of their transfers, including processors and sub-processors in third, non-EU countries.
In a second step, companies must verify if their transfers are either covered by adequacy decisions of the European Commission, oblige appropriate safeguards or are derogations according to Art. 49 GDPR. This accounts for European countries as well as for third country companies to enable cooperation.
Now, the data exporter must assess if the transfer tools provide adequate protection of the data in the third country. The processing needs to be based on clear, precise and accessible rules and consider for example the purpose of the processing, the types of entities involved, or the processing sector.
This assessment process should be re-evaluated regularly to check whether the protection level of the third country transfer is still adequate. New security laws might cause changes.
1 | Analysis of global data privacy obligations
An analysis of your legal obligations must be the first step in international business. This is a vital step, as it also considers whether the third country, where the personal data of EU residents is processed has been subject to an adequacy decision by the European Commission and, if not, which ones of the listed safeguards in the GDPR would best suit your business needs.
2 | Detection of out-of-policy cross-border data transfers
This analysis systematically detects cases in which personal data of EEA residents are being processed in a third country without appropriate protection. We offer to identify jurisdictions that have not successfully passed the European Commission’s adequacy decision, assist through the process of setting up and maintaining the necessary safeguards – guiding your company towards a reduced risk of GDPR transgression.
3 | Design & implementation of binding corporate rules (BCRs)
For global companies located outside of Europe and that collect and process the personal data of European residents, BCRs are required. They are proof of the existence of the necessary policies, codes of conduct, internal processes, training, audits and controls in relation to the treatment of personal information, as prescribed in the GDPR. Our services include the co-design and implementation of commitments such as compliance, security, cross-border transfers, sensitive personal information to suit your business and corporate culture needs.
We are a team of inter-disciplinary consultants from Germany and collectively, we offer customised one-stop-shop solutions to SMEs in the areas of strategy, compliance, sustainability and IT.
Trust us to launch your company to grow globally & into the future.
valvisio international AG
80539 Munich, Germany
+49 89 44 44 35 60 – 0
c/o Factory Works GmbH
Rheinsberger Str. 76/77
10115 Berlin, Germany
25 International Business Park
#01-79 German Center
+49 911 47 75 87 – 0