International Data Transfers 

The transfer of personal data to third parties outside the EEA can be based solely on user consent if the third country, where the data recipients are located, has an adequacy decision by the EU Commission or if there is a bilateral treaty regulating safe international data transfers. If such an international agreement or adequacy decision are not available, the user consent is not qualified as a sufficient legal basis for transfer and the transfer will require additional safeguards to be in place.

An adequacy decision is a formal decision made by the EU which recognises that another country, territory, sector or international organisation provides an equivalent level of protection for personal data as the EU does. 

Currently, in the absence of an adequacy decision or a bilateral agreement, controllers must rely on "appropriate safeguards" for the transferred personal data as an alternative legal basis. Operators commonly conclude the so-called "standard contractual clauses" (SCCs) to ensure these appropriate safeguards.

SCCs are pre-approved model contract clauses by the European Commission. Website operators can incorporate them into their contracts with their third-party providers in order to demonstrate compliance with GDPR. The SCCs bind the parties to ensuring that data transferred to the third country is protected by the appropriate safeguards.

JENTIS SaaS offers hosting in a fully European environment (e.g., IONOS Cloud). To tackle challenges relating to international data transfers, JENTIS can be used as a middleware enabling implementation pf supplementary measures, such as anonymisation, pseudonymisation, sythetic data and make international data transfers easily compliant.

For any questions feel free to reach out to your direct contact at JENTIS or to the JENTIS Compliance & Legal Team via email at privacy@jentis.com.