Contributed By Vondst Advocaten N V
International data transfers are subject to the mechanisms set out in the GDPR. For instance, it is permitted to transfer data to a country outside the EU (or EEA) if the transfer is based on Binding Corporate Rules (BCRs) for intra group transfers, standard data protection clauses, approved codes of conduct or approved certification mechanisms.
BCRs are well established in the Netherlands, with some Dutch multinationals being pioneers in this respect. The AP has played an active role and the EDPB has adopted several documents in which guidance is given to companies wishing to implement BCRs.
On its website, AP gives further guidance with respect to data transfers to the UK in light of Brexit.