Portugal
5.6 Cross border transfer of data For the purposes of the GDPR, cross- border processing means either: processing of personal data in the context of the activities of establishments in more than one Member State of a controller or processor in the EU, where the controller or processor is established in more than one Member State; or processing of personal data in the context of the activities of a single establishment of a controller or processor in the EU which substantially affects or is likely to substantially affect data subjects in more than one Member State
Cross-border transfer of personal data involves the transmission of personal information from one country to another. This type of transfer is common in a globalized world, where companies often operate in multiple countries and may need to access personal data of individuals located in different legal jurisdictions. Transfers of personal data to third countries or to international organizations are regulated in Articles 44 to 50 GDPR. As a general rule (Article 44 GDPR) sets that any transfer of personal data which is undergoing processing or is intended for processing after transfer to a third country or to an international organization, may only occur if the conditions laid down in the GDPR are complied by the controller and processor (including for onward transfers of personal data from the third country or an international organization to another third country or another international organization). Article 49 GDPR also establishes derogations for specific situations: in the absence of an adequate decision or of appropriate safeguards (including binding corporate rules), a transfer or a set of transfers of personal data to a third country or an international organization can only take place on one of the following conditions:
www.mgra.pt
Made with FlippingBook - PDF hosting