01) Does your organisation transfer any personal data out of the European Economic Area?
GDPR EEA Restricted Framework
Written by Haydn Brooks
Created on March 18, 2019
Modified on August 27, 2019

Answer yes if your organisation transfers personal data to any entity that sits outside of the European Economic Area. If yes, please upload a spreadsheet listing the company names, location country, and data type sent as evidence.

The General Data Protection Regulation (GDPR) is an EU regulation, but still applies to data transfers that send personal data of EU citizens outside of the EU (these transfers are referred to as a ‘restricted transfers’).

How to implement the control:
A useful guide on restricted transfers was published by the ICO and can be found [here](https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/ "ICO Restricted Transfers").

If you would like to contribute to this article or provide feedback, please email knowledge@riskledger.com. Contributors will be recognised on our contributors page.