CHAPTER 13: MANAGING PERSONAL DATA INTERNATIONALLY

To enforce the Regulation outside the bounds of the EU, the GDPR has a number of elements designed to control how organisations within the EU are able to transfer personal data internationally.

So called “third countries”, those outside the bounds of the EU, are designated under the DPD as “any country other than the EU and EEA Member States”. Given that the Council of Europe includes 17 distinct groups like the EU, EEA, Eurozone and the EFTA, with a complex set of overlaps, it’s critical to understand who “in Europe” you’re allowed to send information to, and what rules need to be in place to do so.

For ease of reference, the EU and EEA countries are shown in Table 2.

Table 2: EU and EEA country ...

Get EU General Data Protection Regulation (GDPR): An Implementation and Compliance Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.