This week the EU and Japan have agreed to recognise each others data protection regulations as “adequate” meaning that once the formalities are completed (later this year), Japan will be added to the list of non-EU countries who have adequate data protection regimes.
The GDPR and the Data Protection Directive before it, puts in place restrictions on the transfer of personal data outside the EU. Transfer only being allowed when the country where the data will be processed:
- Has adequate data protection regulations in place meaning they mirror the requirements of the EU standards (GDPR); or,
- Has an agreement in place, such as the EU-US Privacy Shield agreement;
Failing adequacy being in place it then comes down to the need for contractual clauses binding organisations to EU standards, the so called model contractual clauses.
According to the European Commission press release the Commission plan on adopting the agreement once the usual EU regulatory hoops have been jumped through, such as approval by the European Data Protection Board.