principle 1
| principle 2
| principle 3
| principle 5
| principle 4
| principle 6
| principle 7
| principle 8
principle 8
Personal data shall not be transferred to any non-European Economic Area country that does not ensure adequate protection for it
Are our data transfers restricted to countries within the EEA?
If we transfer data to places outside the EEA, do these places have EU approval (i.e. are they on the approved ‘Safe’ list which currently approves only Switzerland, Canada, Argentina, Guernsey, and the Isle of Man)?
If we transfer personal data to areas outside the EEA, are we confident that we have proper mechanisms in place that enable us to transfer the data without breaching the DPA?
