Home Privacy Law GDPR Article 45 GDPR (Transfers On The Basis of An Adequacy Decision)
Privacy Law

Article 45 GDPR (Transfers On The Basis of An Adequacy Decision)

By Editorial Staff

Article 45 of GDPR: Transfers On The Basis of An Adequacy Decision

Article 45 of GDPR lays out the conditions based on which personal data may be transferred to a third country, a territory within a third country or to an international organization in such a way that it will ensure an adequate level of privacy rights.

Transfer to countries considered adequate (Article 45(1) GDPR)

When the Commission determines that a country, a territory within a country or an international organization provides an adequate level of protection to personal data, then data controllers and data processors are authorized to transfer personal data without any specific formalities or specific authorization.

Evaluation of a third country adequacy (Article 45(2) GDPR)

To evaluate a third country’s adequacy level, the Commission should consider the following factors about the third country:

  1. Rule of law (Article 45(2)(a) GDPR)
  2. Respect for human rights (Article 45(2)(a) GDPR)
  3. Data protection legislation (Article 45(2)(a) GDPR)
  4. Public security legislation (Article 45(2)(a) GDPR)
  5. Defence and national security requirements (Article 45(2)(a) GDPR)
  6. Legislation implementation (Article 45(2)(a) GDPR)
  7. Professional rules (Article 45(2)(a) GDPR)
  8. Case law (Article 45(2)(a) GDPR)
  9. Enforcement of legal rights (Article 45(2)(a) GDPR)
  10. Existence and functioning of an independent supervisory authority (Article 45(2)(b) GDPR)
  11. Supervisory authority’s enforcement and compliance with data protection laws (Article 45(2)(b) GDPR)
  12. Supervisory authority’s assistance to data subjects (Article 45(2)(b) GDPR)
  13. Supervisory authority’s level of cooperation with EU member states (Article 45(2)(b) GDPR)
  14. International commitments of the third country (Article 45(2)(c) GDPR)
  15. Participation in multilateral or regional instruments related to data protection (Article 45(2)(c) GDPR)

Commission’s implementing act on adequacy (Article 45(3) GDPR)

Following its assessment, the Commission may decide that a particular third country provides a sufficient level of protection to personal data.

The Commission will adopt an implementing act providing for the mechanisms to review the third country, at least every 4 years.

The Commission will also specify the territorial application of the adequacy decision along with its sectoral application along with the identity of the supervisory authority.

Monitoring of adequacy decisions (Article 45(4) GDPR)

GDPR requires that the Commission monitor the third countries subject to its adequacy decision to ensure that it’s adequacy decision remains relevant.

Repeal of an adequacy decision (Article 45(5) GDPR)

When the Commission obtains relevant information that the third country may no longer provide an adequate level of data protection mechanisms, it has the power to repeal, amend or suspend its adequacy decision.

Its decision will be adopted by way of an implementing act and such act cannot be retroactive.

Consultation with third country (Article 45(6) GDPR)

If the Commission repeals, amends or suspends a third country’s adequacy decision, the Commission should enter into a consultation with the third country with the objective to remedy the situation.

Commission’s decision without prejudice (Article 45(7) GDPR)

If the Commission finds that a third country no longer provides sufficient level of protection of personal data and thus repeals, amends or suspends its adequacy decision, such decision will be without prejudice to the personal data transfers to that third country.

Publication of countries considered adequate (Article 45(8) GDPR)

The Commission must publish a list of the third countries it considers adequate for the purpose of data transfer.

The publication should be done in the Official Journal of the European Union or on the Commission’s website.

Decisions pursuant to Directive 95/45/EC (Article 45(9) GDPR)

The Commission’s decisions adopted based on Directive 95/45/EC will remain in full force until the Commission decides to repeal, amend or replace such a decision based on the GDPR rules.

Recitals applicable to Article 45 of GDPR

Relevant Recitals: 103, 104, 105, 106, 107

GDPR Regulation article-by-article overview

Read our comprehensive overview of the GDPR Regulation, article by article, where we summarize each of the 99 articles contained in GDPR to give you a complete understanding of its content.

Cited Legislation in Article 45 or relevant recitals

Directive 95/46/EC

Regulation (EU) No 182/2011

Council of Europe Convention of 28 January 1981

GDPR Text: Article 45 of GDPR and Relevant Recitals

Icon

GDPR Article 45 (Transfers On The Basis of An Adequacy Decision)

1 file(s) 86.47 KB
Download

GDPR Text Source: EUR-Lex

Official GDPR Text: General Data Protection Regulation 

Official GDPR Title: REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), corrected by Corrigendum, OJL 127, 23.5.2018, p. 2 ((EU) 2016/679)

Previous articleArticle 44 GDPR (General Principle For Transfers)
Next articleArticle 46 GDPR (Transfers Subject To Appropriate Safeguards)
Editorial Staff
Hello Nation! I'm a lawyer by trade and an entrepreneur by spirit. I specialize in law, business, marketing, and technology (and love it!). I'm an expert SEO and content marketer where I deeply enjoy writing content in highly competitive fields. On this blog, I share my experiences, knowledge, and provide you with golden nuggets of useful information. Enjoy!

RELATED ARTICLES

Blog

Signed Under Duress (Explained: All You Need To Know)

Signed Under Duress (Explained: All You Need To Know)
Read more
Blog

Acceptance In Contract Law (All You Need To Know)

Acceptance In Contract Law (All You Need To Know)
Read more
Blog

Novation Contract (Meaning: All You Need To Know)

Novation Contract (Meaning: All You Need To Know)
Read more

Most Popular

What Is A Special Purpose Entity (All You Need To Know)

Blog
What Is A Special Purpose Entity (Explained: All You Need To Know)
Read more

What Is Corporate Raiding (Explained: All You Need To Know)

Blog
What Is Corporate Raiding (Explained: All You Need To Know)
Read more

What Are Golden Shares (Explained: All You Need To Know)

Blog
What Are Golden Shares (Explained: All You Need To Know)
Read more

What Is A Targeted Repurchase (Explained: All You Need To Know)

Blog
What Is A Targeted Repurchase (Explained: All You Need To Know)
Read more

What Is A Friendly Takeover (Explained: All You Need To Know)

Blog
What Is A Friendly Takeover (Explained: All You Need To Know)
Read more
Load more

Editor's Picks

Contracting In Business (Meaning: All You Need To Know)

Blog
Contracting In Business (Meaning: All You Need To Know)
Read more

Alaska Corporation Search (Step-By-Step)

Business
Alaska Corporation Search (Step-By-Step)
Read more

68 Type of Industries (Complete List: All You Need To Know)

Blog
68 Type of Industries (Complete List: All You Need To Know)
Read more

What Is A Biennial Statement (Explained: All You Need To Know)

Blog
What Is A Biennial Statement (Explained: All You Need To Know)
Read more

How Long Is 2 Business Day (All You Need To Know)

Blog
How Long Is 2 Business Day (All You Need To Know)
Read more
Load more
© 2022 - Incorporated.Zone
MORE STORIES
Special Purpose Entity

What Is A Special Purpose Entity (All You Need To Know)