« 43. Certification bodies | 45. Transfers on the basis of an adequacy decision » |
CHAPTER V Transfers of personal data to third countries or international organisations
44. General principle for transfers
Any transfer of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 which are undergoing processing‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. GDPR Article 4 Paragraph 2 or are intended for processing‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. GDPR Article 4 Paragraph 2 after transfer to a third country or to an international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26 shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in this Chapter are complied with by the controller‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. GDPR Article 4 Paragraph 7 and processor‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. GDPR Article 4 Paragraph 8, including for onward transfers of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 from the third country or an international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26 to another third country or to another international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26. All provisions in this Chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.
Recitals
Recital 101
Flows of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 to and from countries outside the Union and international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26s are necessary for the expansion of international trade and international cooperation. The increase in such flows has raised new challenges and concerns with regard to the protection of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 . However, when personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 are transferred from the Union to controller‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. GDPR Article 4 Paragraph 7s, processor‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. GDPR Article 4 Paragraph 8s or other recipient‘recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing. GDPR Article 4 Paragraph 9s in third countries or to international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26s, the level of protection of natural persons ensured in the Union by this Regulation should not be undermined, including in cases of onward transfers of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 from the third country or international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26 to controller‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. GDPR Article 4 Paragraph 7s, processor‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. GDPR Article 4 Paragraph 8s in the same or another third country or international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26. In any event, transfers to third countries and international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26s may only be carried out in full compliance with this Regulation. A transfer could take place only if, subject to the other provisions of this Regulation, the conditions laid down in the provisions of this Regulation relating to the transfer of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 to third countries or international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26s are complied with by the controller‘controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. GDPR Article 4 Paragraph 7 or processor‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. GDPR Article 4 Paragraph 8.
Recital 102
This Regulation is without prejudice to international agreements concluded between the Union and third countries regulating the transfer of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 including appropriate safeguards for the data subjects. Member States may conclude international agreements which involve the transfer of personal data‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person GDPR Article 4 Paragraph 1 to third countries or international organisation‘international organisation’ means an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries GDPR Article 4 Paragraph 26s, as far as such agreements do not affect this Regulation or any other provisions of Union law and include an appropriate level of protection for the fundamental rights of the data subjects.
Posts regarding this GDPR Paragraph:
- EU-US Privacy Shield 29/10/2018
FAQs regarding this GDPR Article:
GDPR Fines based on this article
Title | GDPR Country | Number of involved data records | GDPR Fine |
---|---|---|---|
Penalty against Telecommunications Company and Its Managing Directors | Bulgaria | 1 | 10,000 € |