The Berlin DPA (Berliner Beauftragten für Datenschutz und Informationsfreiheit) has published a concise guideline on international data transfers relating to Art. 44 and following of the EU GDPR. The guideline notes that personal data may only be processed if there is a permit for this in the law. If personal data is to be transferred to third countries outside the European Union (EU) or the European Economic Area (EEA), additional requirements apply. A two-stage check is therefore required: 1) Would data processing be permitted if it took place in the EU/EEA? 2) Is the data export to the third country also permitted? Find the full guideline here.
