Defining Country Adequacy
About Country adequacy
The European Union distinguishes between three types of countries:
|
Country
|
Legislation
|
Requirement
|
|---|---|---|
|
EU
|
GDPR
|
No safeguard needed
|
|
Outside EU
|
Data protection law equivalent to the GDPR
|
No safeguard needed
|
|
Outside EU
|
No data protection law
|
Safeguards must be applied
|
For more information on safeguards, see Defining Transfer Safeguards.Accessing country-adequacy information
To access country-adequacy information:
Select Key elements > Country GDPR adequacy.This section lists countries and provides information regarding the level of adequacy of the country's data protection law. The information is provided by the European Commission and is periodically updated.
Country-adequacy information use
When you describe an existing data transfer in the processing activity property page, the risk level associated to the transfer is automatically computed based on the country adequacy level.
For more information on data flows, see Specifying data transfers on a processing activity.Moreover, this information may guide you when it comes to identify the transfers requiring the adoption of specific safeguards (eg. Binding corporate rules, standard contractual clauses, consent).