COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT AND THE COUNCIL Exchanging and Protecting Personal Data in a Globalised World

The General Data Protection Regulation ((EU) 2016/679) (GDPR) and the Directive on data protection in the police and criminal justice sector ((EU) 2016/680) (Law Enforcement Directive) will become applicable in May 2018. Both contain measures to strengthen personal data protection in the context of cross-border transfers of personal data for commercial and law enforcement purposes. Both measures were formally adopted on the 27th April 2016 and will come into force in May 2018.
The GDPR provides a suite of mechanisms to transfer personal data from the EU to third countries, including binding corporate rules (BCRs), standard contractual clauses (SCC) and adequacy decisions. Whilst these measures are already available under the current Directive, the reforms seek to simplify and expand their use and encourage the development and use of new approved codes of conduct and certification mechanisms to legitimise data transfers. The present Communication published on 10 January 2017 sets out the Commission's strategy for engaging selected third countries in the future to reach adequacy decisions and promoting data protection standards through international data protection instruments.

Topic  Data 
Department  DCMS 
Council Reference  5191/17 
COM Reference  COM(17)7 
SEC Reference   
PE Cons   
JOIN   
SWD   
C Reference   

Search by reference numbers or topic