Data transfers outside the EU

The GDPR makes it possible to generate a protection bubble around personal data.

This bubble must follow the data, no matter where it is transmitted. The principles of the GDPR must therefore be respected by all successive recipients of the data.

In order to transfer data outside the EU, data controllers and processors must ensure a level of data protection equivalent to that guaranteed in the EU.

"Adequate" and "non-adequate" countries

Data transfers to so-called "adequate" countries do not require any specific supervision or authorization.

Adequate countries offer a level of protection equivalent to that of the EU.

These countries are : Andorra, Argentina, Switzerland, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, United Kingdom, Uruguay, Japan and South-Korea.

Transfers to non-adequate countries are only possible under certain conditions.

Map of GDPR Adequate Countries

Informing people about data transfers outside the EU

Data transfers and their framework must be included in the information provided to data subjects (for processing carried out by the controller and any processors).

Data transfers outside the EU ​

"Adequate" and "non-adequate" countries ​

Informing people about data transfers outside the EU ​

Data transfers outside the EU

"Adequate" and "non-adequate" countries

Informing people about data transfers outside the EU