Question

Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?

a) Adequacy decisions are not necessary for cross-border transfers.
b) Adequacy decisions are automatically granted to all countries outside the EU.
c) Adequacy decisions are required for cross-border transfers, confirming that a non-EU country provides a level of data protection equivalent to that in the EU.
d) Adequacy decisions only apply to certain types of data transfers.

Answer 1

Under the GDPR, adequacy decisions are required for cross-border transfers to confirm that non-EU countries provide the same level of data protection as the EU.

Step-by-step explanation:

Under the GDPR, adequacy decisions are required for cross-border transfers, confirming that a non-EU country provides a level of data protection equivalent to that in the EU. These decisions assess whether a country's laws, regulations, and practices are in line with the GDPR's data protection standards. If a country is granted an adequacy decision, it is considered to have an adequate level of data protection, allowing for the free flow of personal data between that country and the EU.

However, it is important to note that adequacy decisions do not apply automatically to all countries outside the EU. Each country is assessed individually to determine if it meets the GDPR's requirements.

Therefore, option c) 'Adequacy decisions are required for cross-border transfers, confirming that a non-EU country provides a level of data protection equivalent to that in the EU' is the correct answer.