Key Principles of GDPR Article 44 and How to Apply Them
Under GDPR Article 44 any transfer of personal data to a third country (or another international organisation) can only take place if it respects the conditions laid down both within the article, and throughout other provisions provided in GDPR
GDPR Article 44 Legal Text
EU GDPR Version
General Principle for Transfers
- Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in this chapter are complied with by the controller and processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. All provisions in this chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.
UK GDPR Version
General Principle for Transfers
- Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in this chapter are complied with by the controller and processor, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation. All provisions in this chapter shall be applied in order to ensure that the level of protection of natural persons guaranteed by this Regulation is not undermined.
Manage all your compliance, all in one place
ISMS.online supports over 100 standards and regulations, giving you a single platform for all your compliance needs.
Technical Commentary
GDPR Article 44 deals with transfers to other countries or organisations across 3 key areas:
- ‘Onwards transfers’ – transfers of personal data from the third country or an international organisation to another third country or to another international organisation.
- Overall GDPR compliance of the transfer of personal data.
- A guaranteed level of protection for naturalised citizens.
ISO 27701 Clause 7.5.1 (Identify Basis for PII Transfer Between Jurisdictions) and GDPR Article 44
Regional regulatory and legal rules vary depending on where the data has originated from, and where it’s going to be transferred to.
Organisations should take all relevant laws, frameworks and regulations into account whenever they need to transfer data between jurisdictions, including the use of a designated supervisory authority.
Index of Linked EU GDPR Articles and ISO 27701 Clauses
| GDPR Article | ISO 27701 Clause | ISO 27701 Supporting Clauses |
|---|---|---|
| EU GDPR Article 44 | ISO 27701 7.5.1 | None |
How ISMS.online Help
As one of the toughest privacy and security regulations in the world, GDPR fines for violations are substantial. But here’s the good news. With ISMS.online, you can easily demonstrate a level of privacy protection that goes beyond ‘reasonable’, all in one secure, always-on location.
The ISMS.online platform includes built-in guidance at each step, combined with our ‘Adopt, Adapt, Add’ implementation approach, so demonstrating your GDPR compliance is significantly easier. A variety of time-saving tools will also be available to you.
Find out more by booking a short demo.
