Can I process data outside the EU under the GDPR?

The GDPR allows transfer of personal data to non-EU countries (so called “third countries”) to ensure international trade and cooperation.

You can transfer data to secure countries: Andorra, Argentina, Canada (only commercial organizations), Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland, Uruguay, and USA (if the receiver belongs to the Privacy Shield).

To transfer data to a non-secure third country, you need to make sure that the personal data will be protected by the recipient. There are two main ways of ensuring this:

  • the recipient complies with the rules explained in a data protection clause
  • the recipient is certified to process personal data (e.g. they belong to the Privacy Shield).
This content is provided for educational purposes only. GDPR is fact-specific and the way it applies to your organization may differ from what’s discussed in this article. Please do not treat it as a substitute of a professional legal opinion. Always consult your lawyer or other professionals responsible for data protection within your organization. GetResponse can’t be held liable for any indirect, special, incidental, or consequential damages arising out of any use of or reliance on any content or materials included here.