GDPR Third Country

From Open Risk Manual

Definition

A GDPR Third Country is a country which is not bound by the General Data Protection Regulation (GDPR) - as opposed to the 28 Member States of the EU and the three European Economic Area (EEA) countries Norway, Liechtenstein and Iceland.

Third countries may be recognised as offering an adequate level of protection for personal data in order to enable transfers of personal data from the EU and EEA Member States to them.

The Commission has so far recognized Andorra, Argentina, Canada (only commercial organisations), Faroe Islands, Guernsey, Israel, Isle of Man, Japan Jersey, New Zealand, Switzerland, Uruguay and USA (if the recipient belongs to the Privacy Shield), as providing adequate protection.

The effect of such a decision is that personal data can flow from the EU and EEA Member States to that third country (within the limit of the material scope as described by each Decision) without any further requirements.

References

Retrieved from "https://www.openriskmanual.org/wiki/index.php?title=GDPR_Third_Country&oldid=26106"
  • Creative Commons Attribution-NonCommercial-ShareAlike
  • Powered by MediaWiki
  • Powered by Semantic MediaWiki