Cross-Border Data Transfers Flashcards
1
Q
Options for cross-border data transfers as defined in the GDPR
A
(1) Adequacy decisions
(2) Appropriate safeguards
(3) Derogations
2
Q
Which body makes adequacy decisions?
A
European Commission
3
Q
Canada is deemed adequate under what provision?
A
Data protected by PIPEDA
4
Q
The USA is deemed adequate under what provision?
A
EU-US Privacy Shield
5
Q
Privacy Shield Requirements include:
A
- Commit to the Privacy Shield Principles
- Publicize that commitment
- Publicly disclose the orgs privacy policy
- Implement the Principles
- Annually renew the certification
6
Q
Privacy Shield Principles include:
A
- Notice
- Choice
- Accountability for onward transfers
- Security
- Data integrity and purpose limitation
- Access
- And recourse, enforcement, and liability
7
Q
Appropriate safeguards include:
A
- Binding Corporate Rules (BCRs)
- Standard contractual clauses
- Approved codes of conduct or cert. mechanisms
- Ad hoc contractual clauses
- Reliance on international agreements