International Privacy

Data transfer between companies does not end at national borders. The challenges of multinational companies bring about the global transfer of personal data, i.e. in establishing whistle-blowing hotlines, building up CRM or employee databases, global ticketing systems, global IT support, anti-corruption and anti-terrorism screening, etc. The legal requirements for such global transfers differ significantly depending on the relevant national legislation.

Our lawyers and IT experts have profound experience in thoroughly assessing the specific requirements for international IT projects offering pragmatic and practicable solutions. 

We have organized, managed and coordinated various projects in compliance with multinational requirements – always keeping an eye on minimizing privacy risks and avoiding redundant national deviations. Our strong expertise in European privacy legislation and jurisdiction proves to be a big advantage as both of them affect international privacy standards.

Two requirements have to be fulfilled to legitimate a transfer of personal data to a company which is based outside the European Union. First a legal basis must exist that allows the desired transfer of personal data. This can either be a legal provision or the consent of the person concerned. 

Furthermore the transmitting body has to ensure that the recipient guarantees an adequate level of data protection.

In cases where a transfer of personal data is planned to a country that - from the EU perspective - does not provide an adequate level of data protection, there are three basic options to ensure the needed level of protection for the data on the recipient´s side: