Data Transfer

The transmission, disclosure, or making available of personal data from one entity or location to another. Data transfers occur in many contexts: sending data internationally, sharing with third parties, disclosing to vendors, moving between corporate entities, or transmitting between systems. Privacy laws pay particular attention to international transfers (cross-border transfers) because data moving to other jurisdictions may escape regulatory protection. Under GDPR, transfers outside the European Economic Area require adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules, or other approved mechanisms. Even transfers within an organization may require safeguards if they cross jurisdictional boundaries. Organizations must map data transfers, assess transfer risks, implement appropriate mechanisms, document transfers, and monitor ongoing compliance. The complexity of transfer regulations, especially post-Schrems II, makes this one of privacy law's most challenging areas.