Adequacy Decisions under the GDPR

Bypsgadmin Updated onDecember 1, 2020

Schrems II update

In July 2020, the Court of Justice of the European Union ruled that the Privacy Shield adequacy decision for the USA was invalid because of invasive US surveillance programs. You can read more about the background of the case, the decision and the implications here.

Recommended further reading: S chrems II: What next for data transfers

Chapter 5 of the GDPR deals with International Data Transfers and the conditions under which they can take place. Specifically, Article 45 talks about transfers on the basis of an Adequacy Decision.

Adopting an Adequacy Decision

Adequacy decisions are how the EU determines if a third country has an adequate level of data protection and there are four main steps involved in adopting an adequacy decision.

When the European Commission assesses whether an adequate level of protection is in place, firstly, they look at things like the rule of law, respect for human rights and fundamental freedoms, access of public authorities to personal data and rules for onward transfer of personal data to another third country or international organisation.

Secondly, they want to see if an effective supervisory authority exists in the country and if that authority has adequate enforcement powers.

Finally, they will look at international commitments the third country has entered into or other legally binding obligations.

Once a third country has an adequacy decision, personal data can travel from the EU to that country without putting any further safeguards in place.

Revoking a Decision?

However, adequacy doesn’t necessarily last forever. At least every 4 years the Commission will review the decision, taking into account relevant developments in the third country. The Commission will also regularly monitor developments in third countries that could affect how the adequacy decision works. They can then appeal, amend or suspend the adequacy decision as necessary.

Lastly, the Commission has to publish a list of sectors, countries, territories and organisations that have adequacy decisions.

We have created a useful poster map for your wall so you can see the current adequacy decisions at a glance (as at June 2020). Download an A4 size PDF of this poster here

Sources and further readings:

European Commission Website

GDPR Article 45

GDPR Recitals 103 – 107

Study setup with a laptop, glasses, whiteboard, and marker on a desk next to a window.

CIPP/E exam

Study Tips: Effective Study Planning

ByBas Hennis October 17, 2024

Preparing for an IAPP certification exam requires more than just studying; it demands strategic planning, especially if you’re juggling a busy schedule. This article offers practical tips to create a realistic study plan, manage time effectively, and utilize tools that streamline exam preparation, helping you stay on track and achieve certification success.

A hand drawing charts, graphs, and icons representing updated study materials and data, reflecting the importance of using current resources for exams like IAPP certifications.

CIPP/E exam

Study Tips: Using Up-to-Date Study Materials

ByBas Hennis October 11, 2024October 11, 2024

Preparing for an International Association of Privacy Professionals (IAPP) certification exam, such as CIPP/E, CIPM, or AIGP, is an essential step toward advancing your career in privacy and data protection. Privacy laws and regulations evolve constantly, so keeping your study materials current is critical. Using outdated resources could harm both your exam performance and professional…

woman sitting at desk using laptop and smiling

CIPP/E exam

The Ultimate CIPP/E Study Guide for 2024

Bypsgadmin April 23, 2023October 7, 2024

Pass the CIPP/E in 2023. This free study guide includes detailed resource lists, study tips and discounts on courses, notes and trial exams

CIPM exam | CIPP/A exam | CIPP/E exam | CIPP/US exam | CIPT exam

New CIPP/E Practice Exam and more from the IAPP

Bypsgadmin October 29, 2020October 1, 2024

IAPP Certification Director Doug Forman and Training Director Marla Berry went live on LinkedIn on October 14th 2020 to answer questions about IAPP Certifications & Training. It was a fantastic Q&A session and we have summarised some key points from the discussion below, including the announcement of a new CIPP/E practice exam coming in 2021!…

CIPP/E exam

A Step by Step Guide to Finding the Best CIPP/E Course

Bypsgadmin February 10, 2023October 1, 2024

You’ve decided to become a Certified Information Privacy Professional and now it’s time to find the best CIPP/E course to get you there

clock hands pointing to words time for an update

CIPP/E exam | CIPP/US exam

IAPP annual CIPP exam updates: October 2023

Bypsgadmin June 5, 2023September 26, 2024

The annual IAPP CIPP exam updates happen on October 2nd 2023. Here are the new topics you can expect to find on the exams

***Schrems II update***

Adopting an Adequacy Decision

Revoking a Decision?

Similar Posts

Schrems II update