Can I process data outside the EU under the GDPR?
The GDPR allows transfer of personal data to non-EU countries (so called “third countries”) to ensure international trade and cooperation.
You can transfer data to secure countries: Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and USA (if the receiver belongs to the Privacy Shield).
To transfer data to a non-secure third country, you need to make sure that the personal data will be protected by the recipient. There are two main ways of ensuring this:
- the recipient complies with the rules explained in a data protection clause
- the recipient is certified to process personal data (e.g. they belong to the Privacy Shield).