Chapter 6: Transfers to third countries

If personal data is transferred to countries outside the EEA (called third countries in the GDPR) or international organisations, the provisions of Chapter V of the GDPR come into play. Storing data on a Cloud provider’s system outside the EEA counts as such a transfer, even if the data is not intended to be used anywhere outside the EEA.

As discussed earlier, it is common for a Cloud application to be provided by a chain of subcontractors. It is the controller’s responsibility to examine the entire chain in order to assess whether Chapter V applies. This chapter aims to achieve an equivalent level of protection for data transferred abroad to that it would receive within the EEA.

This level of protection ...

Get Data Protection and the Cloud - Are you really managing the risks? now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Data Protection and the Cloud - Are you really managing the risks? by Paul Ticher

CHAPTER 6: TRANSFERS TO THIRD COUNTRIES

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly