01) Does your organisation transfer any personal data out of the European Economic Area?
GDPR EEA Restricted Framework
Written by Haydn Brooks
Created on March 18, 2019
Modified on September 3, 2020

Answer yes if your organisation transfers personal data to any entity that sits outside of the European Economic Area. If yes, please upload a spreadsheet listing the company names, location country, and data type sent as evidence.

The General Data Protection Regulation (GDPR) is an EU regulation, but still applies to data transfers that send personal data of EU citizens outside of the EU (these transfers are referred to as a ‘restricted transfers’).

How to implement the control:
A useful guide on restricted transfers was published by the ICO and can be found here.

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.