With respect to international transfers of personal data, the European Data Protection Board (EDPB) confirmed that derogations may be relied upon under what condition?
A.
If the data controller has received preapproval from a Data Protection Authority (DPA), after submitting the appropriate documents.
B.
When it has been determined that adequate protection can be performed.
C.
Only if the Data Protection Impact Assessment (DPIA) shows low risk.
D.
Only as a last resort and when interpreted restrictively.
The GDPR allows for derogations for specific situations when a transfer of personal data to a third country or an international organization cannot be based on an adequacy decision, appropriate safeguards, or binding corporate rules1. However, these derogations are exceptions to the general rule and should not become the norm. The EDPB confirmed that derogations should only be used as a last resort and when interpreted restrictively, taking into account the nature of the data, the purpose and duration of the processing, the country of origin and destination, and the rights and freedoms of data subjects23. The EDPB also stressed that the data exporter must assess the level of protection in the third country and ensure that the transfer does not undermine the essence of the fundamental rights and freedoms of data subjects23. References: 1: Article 49 of the GDPR 2: Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 3: A guide to international transfers | ICO
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit