Read our latest Supply Chain Risks Insight Report. Click here

01) Does your organisation transfer any personal data out of the European Economic Area?

March 18, 2019 GDPR EEA Restricted Framework

Answer yes if your organisation transfers personal data to any entity that sits outside of the European Economic Area. If yes, please upload a spreadsheet listing the company names, location country, and data type sent as evidence.

The General Data Protection Regulation (GDPR) is an EU regulation, but still applies to data transfers that send personal data of EU citizens outside of the EU (these transfers are referred to as a ‘restricted transfers’).

How to implement the control:

A useful guide on restricted transfers was published by the ICO and can be found here.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.