GUIDANCE 8: Appointing a Processor in a jurisdiction that does not have adequacy

This case study walks you through the basic steps you would need to take to appoint a processor based in a ‘non-adequate’ jurisdiction in compliance with the Law.

This guidance takes the form of a case study which walks you through the basic steps you would need to take to appoint a processor based in a ‘non-adequate’ jurisdiction in compliance with the Law.

What is adequacy?
The European Commission (EC) currently recognises a number of jurisdictions around the world as offering an ‘adequate’ standard of data protection. This ‘adequacy decision’ is based on the EC assessing how well a jurisdiction meets the standards of data protection contained in the EU’s General Data Protection Regulation (GDPR). Any jurisdiction that does not have an adequacy decision is considered ‘non-adequate’ and therefore additional safeguards for people’s data are needed.

GUIDANCE 8: Appointing a Processor in a jurisdiction that does not have adequacy

Stay informed

Follow the ODPA

Stay informed

Follow Us