![]() The EU adequacy decision constitutes the first adequacy decision since the entering into force of the GDPR. This means that transfers of personal data between public authorities and bodies are excluded from the scope of the adequacy decision. The scope of the EU adequacy decision is limited to business operators in Japan subject to the Act on the Protection of Personal Information as completed by the Supplementary Rules.Moreover, the obligation for a company to conclude a data processing agreement with its processor(s) as prescribed by Article 28 of GDPR is not removed. The adequacy decisions only apply to the transfer of data between EU and Japan, which means that global companies might still need to implement an Intra-Group Data Transfer Agreement (IGDTA) in order to cover the transfer of data to countries other than EEA countries and Japan.The reciprocal adequacy decisions therefore allow companies to freely exchange personal data of their employees and customers without having to engage in burdensome paper work. Transfer of data between EU and Japan are assimilated to intra-EEA transfer of data. That means that the requirements of Article 46 of GDPR imposing additional measures to be taken providing appropriate safeguards for international data transfer ceases to apply to data transfer between the EU and Japanese companies. ![]() In practice, with the adoption of the adequacy decisions, EU and Japanese businesses are now able to transfer data between them without being required to provide further safeguards or being subject to additional conditions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |