Answer yes if your organisation transfers personal data to any entity that sits outside of the European Economic Area. If yes, please upload a spreadsheet listing the company names, location country, and data type sent as evidence.
The General Data Protection Regulation (GDPR) is an EU regulation, but still applies to data transfers that send personal data of EU citizens outside of the EU (these transfers are referred to as a ‘restricted transfers’).
A useful guide on restricted transfers was published by the ICO and can be found here.
If you would like to contribute to this article or provide feedback, please email firstname.lastname@example.org. Contributors will be recognised on our contributors page.