French Data Transfer Assessments Guide Emphasizes GDPR Equivalence
Organizations exporting data from France must ensure it will be protected in a way that's substantially equivalent to safeguards in the General Data Protection Regulation (GDPR), France's CNIL said in a guide it published Wednesday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Organizations transferring data outside the European Economic Area are responsible for suspending transfers or terminating contracts if data importers are unable to comply with EU law, the guide said.
Those relying on transfer tools, such as standard contractual clauses or binding corporate rules, must assess the level of protection in third countries of destination and the need for additional safeguards.
The goal of this final version of the guide is to help companies carry out data transfer assessments (DTAs) when they export data to non-EEA countries.
The voluntary guide lays out steps companies can take to perform DTAs.
Such assessments are unnecessary when the country of destination is covered by a European Commission adequacy decision or if the transfer is carried out on the basis of one of the exceptions listed in the GDPR, CNIL added.