Transfers of data
The transfer of personal data outside of the EU is only allowed under certain conditions as set out in Directive 95/46/EC and also in the General Data Protection Regulation which will be fully applicable as of May 2018. If a country is deemed by the European Commission to offer an adequate level of protection, it will be subject to the same rules as an EU Member State, which means that the recipient of the data in that state will not be obliged to take specific measures to allow for the transfer. Transferring data to a country without an adequacy decision requires appropriate safeguards, such as standard contractual clauses or binding corporate rules. Derogations to this rule can be obtained in very specific cases. The European Data Protection Board, of which the EDPS is a member, will provide the Commission with Opinions on this subject.
EDPS Decision authorising, subject to conditions, the use of the administrative arrangement between the European Commission and the Turkish Medicines and Medical Devices Agency in the context of the Turkish participation in the EU regulatory system for medical devices Eudamed (Case 2021-0347)
EDPS Opinion on Online Event Management at EACEA (Case 2020-1119)
The year 2020 was unique for the world and, by extension, for the European Data Protection Supervisor (EDPS). Like many other organisations, the EDPS had to adapt its working methods as an employer, but also its work since the COVID-19 health crisis strengthened the call for the protection of individuals' privacy.
This Annual Report provides an insight into all EDPS activities in 2020.
The Executive Summary of the EDPS Annual Report 2020 will be made available in all official languages of the EU in due course.
EDPS Formal comments on the Proposal for a Regulation of the European Parliament and of the Council on serious cross-border threats to health and repealing Decision No 1082/2013/EU