Data Protection Services at KINAST
International Data Flow
Cross-border data flows are a critical part of international trade and digital service models. In the modern, interconnected world, this kind of international data flow underpins the global economy. Of course, these data flows are subject to the laws in force, both locally and internationally.
What is international data flow?
When talking about data flow, we essentially refer to the circulation of personal data between two or more parties. When this happens on an international level, it is called cross-border data flow, international data flow or third-country data transfer if it is a data flow outside the EU/EEA.
When personal data is transferred outside the European Economic Area, it must be accompanied by special safeguards to ensure that the data has adequate protection. This may include ensuring that the data is encrypted, or that the receiving party has agreed to comply with EU data protection laws. By taking these measures, businesses can help protect their customers’ privacy and ensure that their data is handled in a safe and responsible manner.
Do you need an External Data Protection Officer?
We don’t only advise on international data flow, but also offer smart, full service data protection solutions. We do the hard work. You concentrate on growing your business.
Five steps to compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
International Data Flow in action
One of the most common types of cross-border data flow that we handle is the trans-Atlantic data transfer: Personal data is sent from the EU to the USA and vice versa. This is the case, for example, when using online service providers. In this instance, our professionals can help you to verify the provider’s compliance and the safety measures in place.
For specific countries, so-called adequacy decisions are in place, as it has been determined that these countries have an adequate level of data protection essentially equal to that of the EU. No additional safety measures are needed for data flows in these countries. This is the case for e.g., Canada, Switzerland and others.
Other areas to consider:
How can we guarantee the security of your international data flow?
As experienced External Data Protection Officers and lawyers, we really know data protection law better than anyone else. We understand your business and industry, and provide the streamlined, risk based solutions you thought weren’t possible. We have the manpower and, together with our proven three-point plan, our teams will not only secure your cross border data flow, but also offer future-proof implementation.
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Why use the services provided by KINAST?
The majority of international data transfers need to be determined on a case-by-case basis. There is no ‘one-size-fits-all’ solution. As experienced External Data Protection Officers and lawyers, we really know data protection law better than anyone else. We understand your business and industry, and provide the streamlined, risk based solutions you thought weren’t possible.
What makes KINAST the best choice for international data flow and data protection law?
Get assistance securing the flow of your company's data over international borders
If you’re uncertain that the data you are sending to a third country is secure, you should seek qualified legal advice. At KINAST, we guarantee that your company is in safe hands. So why not contact us today for a free, no obligation consultation?
Send this page to a colleague?
Frequently asked questions
Securing your company’s international data flow can be a complicated process, even for the best legal minds. Below, we’ve answered some of the questions our clents ask us the most. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you soon.
An international data flow basically takes place every time the recipient of the personal data processed is located outside the EU.
The European Data Protection Supervisor (EDPS) has stated that in absence of an adequacy decision, the first thing that needs to be in place are the SCCs, a set of data protction clauses drafted and agreed upon by the European Commission. Further information can be found under Art. 46 (1) GDPR.
In case of data flow to a third country, it must be ensured that adequate measures are in place, and that a contract is signed. Furthemore, the contract should clearly state the rights of the data subject and the purpose of the data processing. It should also be assessed what additional transfer safeguards according to the GDPR are to be agreed upon. Accompanied by the conduction of a Transfer Impact Assessment (TIA).