Menú

All

adequate level of protection

What is an appropriate level in international data transfer?

The concept of an adequate level of protection comes into play when we talk about international data transfers. The Judgment of the Court of Justice Schrems I emphasizes this notion, the content of which is regulated in the GDPR.

What  does  an appropriate level in international data transfer mean?

Without data transfers there is no communication. However, these transfers cannot undermine the level of protection of individuals guaranteed by the GDPR. International data transfers can guarantee security through different instruments. Ensuring an adequate level of protection is one of them. In sucessive collaborations, we will analyze what mechanisms can be used to apply appropriate data protection protections.

Individuals have the right to exercise control over how their personal data is treated. This fundamental right is protected through the GDPR. However, outside the Union we may encounter countries whose legal system does not provide for it in the same way. An international transfer of data cannot undermine the level of protection of individuals guaranteed by the GDPR. When a third country does not offer an adequate level of protection, the transfer of personal data must be prohibited.

Contacto No te quedes con la duda, contacta con nosotros. Estaremos encantados de atenderte y ofrecerte soluciones.

What is an adequate level of protection?

In short, it means that such third country protects our personal data in an equivalent manner as the GDPR does. We are talking about an equivalent but not identical level of protection. The instruments through which this level of protection is guaranteed may differ from those applied by the Union. Ultimately, what is sought is the result of guaranteeing sufficient protection in accordance with the GDPR. The level of protection must be adequate to guarantee the privacy, fundamental rights and freedoms of individuals.

How is this suitability guaranteed?

Through the legislation or international commitments of that third country. Also through the proper functioning of the control authorities in that country. These authorities are responsible for guaranteeing and ensuring compliance with data protection rules.

If with these mechanisms the level of protection is equivalent to that guaranteed by the GDPR we are looking at an adequate level of protection. It is your legal system that must guarantee an adequate level of protection.

Who rates a level of protection as adequate?

The European Commission through an adequacy decision. In these cases it will not be necessary to obtain a specific authorization from the competent authority to carry out the data transfer. However, the Commission may revoke that decision by means of a reasoned statement to the third country.

If this article has been of interest, we also suggest you to read the following article published on our website:

How to comply with GPRD regulations after the Schrems II Ruling

Data Protection Dictionary (Jargon)

Publicaciones relacionadas