| TD: Use of Derogations for International Data Transfers Without Safeguards

Use of Derogations for International Data Transfers Without Safeguards, v1.0

Specifies requirements in accordance with General Data Protection Regulation (GDPR) Art. 49(1).

Assessment Step

1 Use of Derogations for International Data Transfers Without Safeguards (UseofDerogationsforInternationalDataTransfersWithoutSafeguards) If the entity transfers personal data to a third country or international organisation without relying on an adequacy decision or appropriate safeguards, does it ensure that the transfer meets one of the following conditions: explicit consent of the data subject after being informed of risks; necessity for performance of a contract with the data subject; necessity for a contract in the interest of the data subject; important public interest; legal claims; protection of vital interests where consent is not possible; or public register access? Artifact A1 Provide evidence (e.g. organizational policies, procedures, compliance/assessment reports, etc.) and supporting notes as appropriate to support the assessor's response to this assessment step.

Conformance Criteria (1)

Use of Derogations for International Data Transfers Without Safeguards In the absence of an adequacy decision or appropriate safeguards, the data controller and the data processor may transfer personal data to a third country or international organisation only if one of the following conditions is met: the data subject has explicitly consented to the proposed transfer after being informed of the possible risks; the transfer is necessary for the performance of a contract between the data subject and the data controller or for the implementation of pre-contractual measures; the transfer is necessary for the conclusion or performance of a contract concluded in the interest of the data subject between the data controller and another natural or legal person; the transfer is necessary for important reasons of public interest; the transfer is necessary for the establishment, exercise, or defence of legal claims; the transfer is necessary to protect the vital interests of the data subject or of other persons where the data subject is physically or legally incapable of giving consent; or the transfer is made from a register intended to provide information to the public and is open to consultation by the public or persons demonstrating a legitimate interest. Citation GDPR Art. 49(1), Recital 111

Show Metadata, Sources & Terms

Hide Metadata, Sources & Terms

Metadata

Identifier

https://artifacts.trustmarkinitiative.org/lib/tds/use-of-derogations-for-international-data-transfers-without-safeguards/1.0/

Publication Date

2025-05-15

Issuing Organization

TMI (https://trustmarkinitiative.org/) View Contact

No Responder

help@trustmarkinitiative.org

555-555-5555

No Mailing Address

Keywords

GDPR, Data Protection, Privacy, Data Privacy

Issuance Criteria

yes(ALL)

Target Recipient

Entities that want to demonstrate compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679, as published in the Official Journal of the European Union (OJ L 119, 4.5.2016, p. 1–88), in the role of a Data Controller or a Data Processor.

Legal Notice

This artifact is published by the Georgia Tech Research Institute (GTRI) as part of the Trustmark Initiative. This artifact and the information contained herein is provided on an "AS IS" basis, and GTRI disclaims all warranties, express or implied, including but not limited to any warranty that the use of the information herein will not infringe any rights or any implied warranties or merchantability or fitness for a particular purpose. In addition, GTRI disclaims legal liability for any loss incurred as a result of the use or reliance on the document or the information contained herein.

Sources (1)

GDPR	General Data Protection Regulation (GDPR) (EU) 2016/679, as published in the Official Journal of the European Union (OJ L 119, 4.5.2016, p. 1-88).

Also available as XML or JSON