enfr
Carte du monde DPO International fr

Having entered into force on May 25, 2018, GDPR has become the “global standard” for data protection. 

With an extraterritorial scope, GDPR frames the processing of personal data by private and public organizations, whether or not they are located in the European Union. 

GDPR is also the standard for assessing the level of protection afforded by the legislation of other countries, located outside the European Union, in the context of adequacy decisions that allow the transfer of personal data from the European Union to these countries without any other specific framework. 

Today, the principles of GDPR have become the reference for all new data protection regulations adopted elsewhere in the world.

The appointment of a Data Protection Officer (DPO) is now mandatory in many countries outside the European Union. 

such as the United Kingdom, Switzerland, Russia, Ukraine, Brazil, Singapore and Thailand

The role of an international DPO is to organize and maintain your organization’s compliance with the applicable personal data regulations, whether your activities are located within or outside the European Union. 

this is an attractive solution for organizations with an international dimension, which do not have in-house expertise in all the countries where they operate and/or do not wish to have multiple data protection compliance contacts.  

Choosing an international DPO means ensuring that your organization’s compliance with local data protection laws is driven by a single person. 

The main tasks and objectives of the international DPO are as follows : 

  • Advise and inform the data controller about his or her obligations under GDPR and the local laws of the countries in which the DPO is appointed;
  • Advise, inform and educate employees of the company where he operates on the various topics related to of personal data protection;
  • Be the point of contact in case of questions from the various stakeholders of the organizations (employees, clients, prospects, data processors, etc.) about the processing of personal data ;
  • Ensure cooperation with and between the supervisory authorities (e.g., in France, the CNIL) and the organization for which it operates.
France
France

Level of protection: EU or EEA member country

Level of protection: EU or EEA member country

Transfers of personal data to this country do not require any transfer controls.

This country is a member of the EDPB.

This country is a member of the AFAPDP.

National Commission for Information Technology and Civil Liberties (CNIL)

3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

Website: https://www.cnil.fr

USA
United States

Level of protection: Independent authority and law(s)

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

This country has a national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.

Federal Trade Commission FTC
600 Pennsylvania Avenue, NW
Washington, DC 20580
UNITED STATES

Website: https: //www.ftc.gov/tips-advice/business-center/privacy-and-security/privacy-shield

Canada
Canada

Level of protection: Partially adequate country.

This country is recognized as adequate by the EU for some specific processing.

The adequacy concerns the processing carried out in the framework of commercial activities (PIPEDA law). These transfers do not require specific supervision.

Other transfers of personal data to this country need to be regulated by transfer tools.

This country is a member of theAFAPDP.

Office of the Privacy Commissioner of Canada

30 Victoria Street
Gatineau, Quebec
K1A 1H3
CANADA
Website: https: //www.priv.gc.ca/fr/

Singapour
Singapore

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

Personal Data Protection Commission

10 Pasir Panjang Road #03-01
Mapletree Business City
Singapore 117438
Website: https: //www.pdpc.gov.sg/

Bresil
Brazil

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

Ukraine
Ukraine

Level of protection: Independent authority and law(s).

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

This country has national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.

The Ukrainian Parliament Commissioner for Human Rights (the Ombudsman Office)

21/8 Instytutska Str.
01008 Kyiv
Ukraine
Website: http: //www.ombudsman.gov.ua/

Russie
Russia

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor)
7, bldg. 2
Kitaigorodskiy proezd
Moscow, 109074
Russia
Website: http: //rkn.gov.ru/eng/

Royaume-Unis
United Kingdom

Level of protection: Adequate country.

Data protection in this country is regulated by GDPR.

Transfers of personal data to this country do not need to be supervised by transfer tools.

This country is a member of theEDPB.

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom
Website: https: //ico.org.uk/

Thailande
Thailand

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand

Tunisie
Tunisia

Level of protection: Independent authority and law(s).

This country is not recognized as adequate by the EU.

Transfers of personal data to this country need to be regulated by transfer tools.

This country has national legislation on personal data protection and a data protection authority recognized by the International Conference of Privacy and Data Protection Commissioners.

This country is a member of theAFAPDP.

Instance Nationale de Protection des Données à Caractère Personnel
1, Rue Mohamed Moalla
Mutuelleville 1002 Tunis – Tunisia
Website: http://www.inpdp.nat.tn/

Suisse
Switzerland

Level of protection: Adequate country.

This country is recognized as adequate by the EU.

Transfers of personal data to this country do not need to be supervised by transfer tools.

This country is a member of theAFAPDP.

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
SWITZERLAND
Website: http: //www.leprepose.ch

If you would like to know more about the international DPO
feel free to contact us