Principle 8 is another important provision. It limits the transfer of personal data to countries outside the EEA unless the data controller can bring themself within one of the exceptions to this prohibition, or they can be sure that equivalent protection is provided for the personal data in the country to which it is being sent.

Simply putting information on a website hosted within the EEA does not amount to a transfer of personal data, but if information is deliberately pushed onto a website outside the EEA or is transferred, whether electronically or by disc or other mechanism outside the EEA, or access is given from outside the EEA, then these provisions apply.

The restrictions on sending personal data ...

Get Data Protection Compliance in the UK, Second Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.