On 25 May 2018, the General Data Protection Regulation (GDPR) enters into force. The regulation restricts personal data transfers from the EU to other countries, providing several mechanisms which allow for data transfers while upholding the GDPR’s data protection standards. The main mechanism is an “adequacy decision”, in which the European Commission declares the data protection regime of a third country as adequate, enabling transfers to that country without further authorisation. Other mechanisms are “appropriate safeguards” by data controllers or processors transferring data. Safeguards which do not require further authorisation include binding corporate rules, standard data protection clauses, approved codes of conduct and approved certification mechanisms. Safeguards which require authorisation include contractual clauses between the controller or processor in the EU and the third country.
Original source