Data Transfers Outside the E.U.

The concept of data flows covers all communication, copies, moving or access of the data to a recipient third country for data processing purposes is strictly defined by the law. This concerns all physical and digital exchanges.

In principle, unless provided with the individual’s consent or other derogations foreseen by law, the transfer of personal data outside the European Economic Area is prohibited if it does not fulfill the following conditions:

1-The recipient third country is recognized via a European Decision as providing an “adequate” level of protection

EU - US privacy shield

Understanding the Privacy Shield
WP29 Opinion on the EU-US Privacy Shield and Essential Guarantees

2-The transfer is framed by CNIL approved contractual clauses
3-Or by Binding Corporate Rules (BCR)

When you transfer personal data to a third country outside of the EU, you must:

Notify the individuals,
Notify the CNIL,
Implement legal safeguards in accordance with the law,
Adopt all and any necessary and relative security measures, and

Ensure the compliance of the data processing and security measures carried out by the data recipient.

CIL CONSULTING will assist and advise you

The completion of CNIL formalities

We take on the assessment and the drafting of all the necessary CNIL formalities.

The legal framing of data transfers

Drafting of Contractual clauses and Binding Corporate Rules: the drafting of a internal code of conduct guaranteeing the protection of personal data when they are transferred within a corporate group.

CIL CONSULTING will assist and advise you

The completion of CNIL formalities

The legal framing of data transfers

You’ve got questions? Let’s talk about them.