Noteworthy Information

Business & Government Intermediate read

The Future of International Data Transfers (paper, 25p)

The General Data Protection Regulation (GDPR) contains a blanket prohibition on the transfer of personal data outside of the European Economic Area (EEA) unless strict requirements are met. The rationale for this provision is to protect personal data and data subject rights by restricting data transfers to countries that may not have the same level of protection as the EEA. However, the ubiquitous and permeable character of new technologies such as cloud computing, and the increased inter-connectivity between societies, has made international data transfers the norm and not the exception. The Schrems II case and subsequent regulatory developments have further raised the bar for companies to comply with complex and, often, opaque rules.