Every day, personal data are transferred across international borders in amounts impossible to quantify. Most companies in the EU/EEA, as in any other region of the world, constantly need to send personal data outside that area for multiple business, administrative and compliance reasons in order to run their day-to-day operations and stay competitive in a market that is a little more global with every day that passes. An Austrian tourism agency that organizes trips to Brazil, for example, needs to send its customers' data to the Brazilian hotels; the Spanish subsidiary of a US company may need to send personal data of its employees, suppliers or customers to the US headquarters; a Japanese NGO trying to collect donations in Europe to help Japan with the terrible consequences of the recent earthquake may need to send donors' personal data outside of Europe, etc.
Despite the vital importance of cross-border data transfers, illegally transmitting data outside the EU/EEA is one of the most usual ways in which companies violate local laws implementing the so-called EU Data Protection Directive and one more reason for corporate compliance officers to suffer yet another headache.
Click here to download PDF.