Leitfaden Processing of Personal Data in Third Countries
The transfer of personal data accompanies the initiation and processing of business transactions on a daily basis. Just like the business itself, data transmission has long since ceased to stop at the borders of Germany, but is often carried out across borders between European countries or internationally. Through the increasing mobility and the globalization of world trade, this cross-border data exchange is gaining importance. This trend is further advanced by the rapid development of information technology: the worldwide communication via interconnected networks, which can be used to provide a fast and cost-effective solution for the large data volumes exchanged, has freed data processing from geographic limitations. This does not only apply to the exchange of data between contractual partners, but also the exchange and transmission within a corporate group. In international corporations, for example, personnel data is often transferred between subsidiaries and the group holding company or between the subsidiaries. Through the networks in production and trade relations, personal data is not only kept within the company or group of companies, but is also transferred to foreign companies or international databases. It is, for example, required for travel bookings to transfer employee data to a large number of third parties. Often, transfers are also necessary with regard to outsourcing projects, namely to computing service providers.
The Transfer of personal data is therefore important for many companies which led to a series of publications: ‘Transmission of Personal Data - Domestic, EU Countries, Third Countries’ was the fourth publi¬cation of the Bitkom work group data protection and dates back to 2005. The updated version 1.1 was developed in summer 2016 on the basis of the still applicable law of the EU Data Protection Directive 95/46 and the Federal Data Protection Act as well as taking into account the current case law on Safe Harbour. It served as an orientation for the transitional stage until the final application of the EU General Data Protection Regulation. The current version 1.2 was developed in summer 2017 on the basis of the EU General Data Protection Regulation which will be applied from 25 May 2018 onwards.