Having entered into force on May 25, 2018, GDPR has become the “global standard” for data protection.
With an extraterritorial scope, GDPR frames the processing of personal data by private and public organizations, whether or not they are located in the European Union.
GDPR is also the standard for assessing the level of protection afforded by the legislation of other countries, located outside the European Union, in the context of adequacy decisions that allow the transfer of personal data from the European Union to these countries without any other specific framework.
Today, the principles of GDPR have become the reference for all new data protection regulations adopted elsewhere in the world.
The appointment of a Data Protection Officer (DPO) is now mandatory in many countries outside the European Union.
such as the United Kingdom, Switzerland, Russia, Ukraine, Brazil, Singapore and Thailand
The role of an international DPO is to organize and maintain your organization’s compliance with the applicable personal data regulations, whether your activities are located within or outside the European Union.
this is an attractive solution for organizations with an international dimension, which do not have in-house expertise in all the countries where they operate and/or do not wish to have multiple data protection compliance contacts.
Choosing an international DPO means ensuring that your organization’s compliance with local data protection laws is driven by a single person.
The main tasks and objectives of the international DPO are as follows :
Level of protection: EU or EEA member country
Level of protection: EU or EEA member country
Transfers of personal data to this country do not require any transfer controls.
This country is a member of the EDPB.
This country is a member of the AFAPDP.
National Commission for Information Technology and Civil Liberties (CNIL)
3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07
Website: https://www.cnil.fr
Level of protection: Independent authority and law(s)
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
This country has a national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.
Federal Trade Commission FTC
600 Pennsylvania Avenue, NW
Washington, DC 20580
UNITED STATES
Website: https: //www.ftc.gov/tips-advice/business-center/privacy-and-security/privacy-shield
Level of protection: Partially adequate country.
This country is recognized as adequate by the EU for some specific processing.
The adequacy concerns the processing carried out in the framework of commercial activities (PIPEDA law). These transfers do not require specific supervision.
Other transfers of personal data to this country need to be regulated by transfer tools.
This country is a member of theAFAPDP.
Office of the Privacy Commissioner of Canada
30 Victoria Street
Gatineau, Quebec
K1A 1H3
CANADA
Website: https: //www.priv.gc.ca/fr/
Level of protection: With legislation.
Existence of general legislation on personal data protection or specific provisions.
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
Personal Data Protection Commission
10 Pasir Panjang Road #03-01
Mapletree Business City
Singapore 117438
Website: https: //www.pdpc.gov.sg/
Level of protection: With legislation.
Existence of general legislation on personal data protection or specific provisions.
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
Level of protection: Independent authority and law(s).
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
This country has national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.
The Ukrainian Parliament Commissioner for Human Rights (the Ombudsman Office)
21/8 Instytutska Str.
01008 Kyiv
Ukraine
Website: http: //www.ombudsman.gov.ua/
Level of protection: With legislation.
Existence of general legislation on personal data protection or specific provisions.
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor)
7, bldg. 2
Kitaigorodskiy proezd
Moscow, 109074
Russia
Website: http: //rkn.gov.ru/eng/
Level of protection: Adequate country.
Data protection in this country is regulated by GDPR.
Transfers of personal data to this country do not need to be supervised by transfer tools.
This country is a member of theEDPB.
Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: https: //ico.org.uk/
Level of protection: With legislation.
Existence of general legislation on personal data protection or specific provisions.
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be supported by transfer tools.
Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand
Level of protection: With legislation.
Existence of general legislation on personal data protection or specific provisions.
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be supported by transfer tools.
Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand
Level of protection: Independent authority and law(s).
This country is not recognized as adequate by the EU.
Transfers of personal data to this country need to be regulated by transfer tools.
This country has national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.
This country is a member of theAFAPDP.
Instance Nationale de Protection des Données à Caractère Personnel
1, Rue Mohamed Moalla
Mutuelleville 1002 Tunis – Tunisia
Website: http://www.inpdp.nat.tn/
Level of protection: Adequate country.
This country is recognized as adequate by the EU.
Transfers of personal data to this country do not need to be supervised by transfer tools.
This country is a member of theAFAPDP.
Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
SWITZERLAND
Website: http: //www.leprepose.ch