Carte du monde DPO International fr

The GDPR came into force the 25th of May, 2018 to become the “global standard” for data protection.

Enjoying an extraterritorial scope, the GDPR provides a framework for the processing of personal data by private and public bodies, whether or not they are located in the European Union.

The GDPR has been treated as  the standard rule for assessing the level of protection given by third countries legislations. Some of these countries took adequacy decisions to allow the transfer of personal data from the European Union to their soil without any other specific framework.

Today, the principles of GDPR have become the common rule for all new data protection regulations adopted elsewhere in the world.

The appointment of a Data Protection Officer (DPO), a function that has been created by the GDPR, became compulsory in many countries outside the European Union.

For example: the United Kingdom, Switzerland, Russia, Ukraine, Brazil, Singapore and Thailand.

The international DPO organises and maintains your organisation’s compliance with the applicable personal data regulations, regardless of whether your activities are located within or outside the European Union.

International organisations will find interesting to outsource such role, so that they will not  have to carry in-house expertise in all the countries in which they operate and/or will benefit from a single point of contact.

Having an international DPO gives you the opportunity to comply with local data protection regulations, with one and only one point of contact.

The main tasks and objectives of the international DPO are the following:

  • To advise and inform the data controller about his obligations under the GDPR and the local laws of the countries in which the DPO is appointed;
  • To advise, inform and raise awareness among the employees of the company where he/she operates on the various subjects related to the protection of personal data;
  • To be the point of contact in the event of questions from the various stakeholders of the organisation (employees, clients, prospects, subcontractors, etc.) regarding the processing of personal data;
  • Ensuring cooperation with and between the supervisory authorities (e.g. in France, the CNIL) and the organisation for which it operates.
United States

Degree of protection: Independent authority and law

This country is not considered adequate by the EU.

Transfer of personal data to this country requires additional safeguards.

This country has a national law on data privacy and a supervisory authority recognized by the International Conference of Privacy and Data Protection Commissioners.

Federal Trade Commission FTC
600 Pennsylvania Avenue, NW
Washington, DC 20580
United States

 

Website: https://www.ftc.gov/tips-advice/business-center/privacy-and-security/privacy-shield

France

Degree of protection: Member of the EU or the EEA

Transfer of personal data to this country does not require complementary safeguards.

This country is a member of the EDPB.

This country is a member of the AFAPDP.

Commission nationale de l’informatique et des libertés (CNIL)

3 Place de Fontenoy
TSA 80715
75334 PARIS CEDEX 07

Website: https://www.cnil.fr

Canada
Canada

Level of protection: Partially adequate country.

Canada is recognised as adequate by the EU for certain specific processing operations.

The adequacy concerns processing carried out in the context of commercial activities (PIPEDA law). These transfers do not require specific supervision.

Other transfers of personal data to this country require the use of transfer tools.

This country is a member of the AFAPDP.

Office of the Privacy Commissioner of Canada

30 Victoria Street
Gatineau, Quebec
K1A 1H3
CANADA

Website: https://www.priv.gc.ca/fr/

Singapour
Singapore

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Personal Data Protection Commission
10 Pasir Panjang Road #03-01
Mapletree Business City
Singapore 117438

Website: https://www.pdpc.gov.sg/

Bresil
Brazil

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Ukraine
Ukraine

Level of protection: Independent authority and law(s).

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

This country has national legislation on personal data protection and a data protection authority recognised by the International Conference of Privacy and Data Protection Commissioners.

The Ukrainian Parliament Commissioner for Human Rights (the Ombudsman Office)
21/8 Instytutska Str.
01008 Kyiv
Ukraine

Website : http://www.ombudsman.gov.ua/

Russie
Russia

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor)
7, bldg. 2
Kitaigorodskiy proezd
Moscow, 109074
Russia

Website: http://rkn.gov.ru/eng/

Royaume-Unis
United Kingdom

Level of protection: Adequate country.

Data protection in this country is governed by the GDPR.

Transfers of personal data to this country do not need to be supervised by transfer tools.

This country is a member of the EDPB.

Information Commissioner’s Office
Wycliffe House Water Lane
Wilmslow
Cheshire SK9 5AF
United Kingdom

Website: https://ico.org.uk/

Thailande
Thailand

Niveau de protection : Avec législation.

Existence d’une législation générale sur la protection des données personnelles ou des dispositions spécifiques.

Ce pays n'est pas reconnu comme adéquat par l'UE.

Les transferts de données personnelles vers ce pays nécessitent d'être encadrés par des outils de transfert.

Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand

Level of protection: With legislation.

Existence of general legislation on personal data protection or specific provisions.

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

Authority for the protection of Personal Data Information Commission
Government House
Bangkok 10300
Thailand

Tunisie
Tunisia

Level of protection: Independent authority and law(s).

This country is not recognised as adequate by the EU.

Transfers of personal data to this country need to be supported by transfer tools.

This country has national legislation on personal data protection and a data protection authority recognised by the International Conference of Privacy and Data Protection Commissioners.

This country is a member of the AFAPDP.

Instance Nationale de Protection des Données à Caractère Personnel
1, Rue Mohamed Moalla
Mutuelleville 1002 Tunis – Tunisia

Website: http://www.inpdp.nat.tn/

Suisse
Switzerland

Level of protection: Adequate country.

This country is recognised as adequate by the EU.

Transfers of personal data to this country do not need to be supervised by transfer tools.

This country is a member of the AFAPDP.

Federal Data Protection and Information Commissioner
Feldeggweg 1
3003 Bern
SWITZERLAND

Website: http://www.leprepose.ch

If you would like to know more about the International DPO
please do not hesitate to contact us