The answer to all these questions raised by international transfers of personal data is to have in place a comprehensive privacy protection programme which makes it easy for you to demonstrate your compliance, wherever personal data is being processed.
Make your people understand, care and do
The most important thing in any privacy protection programme is your people. The people in your organisation need to understand the risks inherent in some international transfers. Once they understand, they will care. And if they care they will do what they can to help. At The Privacy Compliance Hub, we provide a simple platform to make people understand and care. Our comprehensive privacy compliance programme is based upon our unique Eight Privacy Promises. Helping everyone understand those Eight Privacy Promises is our very own Privacy Guy who guides you through what it means and what it takes to comply with the law.
Privacy Promise 7 – We only send personal information to safe places
Or, in other words, we promise to only transfer personal information to countries that ensure an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal information.
What The Privacy Guy needs you to understand
The Privacy Guy needs you to understand that the GDPR imposes restrictions on transfers of personal data. Such restrictions apply in the EU and the UK (which by virtue of the Data Protection Act 2018, has adopted the same rules as in the GDPR).
When a transfer is being made outside your country you need to make sure that there is an adequate level of protection for personal information in the country to which the personal information is being transferred. The EU has deemed some countries as having an adequate level of protection (eg New Zealand), but has not deemed the level of protection in other countries as adequate (eg Australia).
Given that the UK has now left the European Union, for data controllers in the UK, the situation with transfers outside the UK has become more complicated and the UK and the European Union will have to try and negotiate arrangements by which they deem each others’ protection levels as adequate.