Cross-Border Data Transfer

Cross-Border Data Transfer. No transfer of Personal Data to a third country or international organization shall take place unless adequate safeguards are in place as required by Chapter V of the GDPR. Approved transfer mechanisms include: (a) an adequacy decision by the European Commission pursuant to Article 45 of the GDPR, confirming that the recipient country ensures an adequate level of data protection; (b) Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Article 46(2)(c) of the GDPR, supplemented by a Transfer Impact Assessment (TIA) where required; (c) Binding Corporate Rules (BCRs) approved by the competent supervisory authority pursuant to Article 47 of the GDPR for intra-group transfers; (d) an approved certification mechanism together with binding and enforceable commitments of the data importer pursuant to Article 42 of the GDPR; or (e) derogations for specific situations under Article 49 of the GDPR, applied on a case-by-case basis. The Data Controller and Data Processor shall maintain records documenting the legal basis for each international transfer and the supplementary measures implemented to ensure the protection of Personal Data is not undermined.