The General Data Protection Regulation (GDPR) is a comprehensive European data protection law that provides greater data rights for individuals and increases compliance responsibilities for organizations. At its core, the GDPR grants EU residents greater control over their personal data and gives national regulators new powers to impose significant fines on organizations that breach this law.


Before talking about the data transfer outside of EU-EEA-Swiss let's let's briefly discuss your rights arising from GDPR.You have the following rights under the GDPR:

  • Access your personal data
  • Correct errors in your personal data
  • Erase your personal data
  • Object to the processing of your personal data
  • Export your personal data

Your privacy and security is always essential for us. Therefore we are doing our best for complying and supporting your rights. In terms of Wremia privacy and security policies I offer you to take a look at the links below:

Does GDPR let data transfer out of EU?

The anwser if yes - with a limited extent. GDPR lets "restricted transfer" which requires higher level control for your privacy. This restiction may vary but here we will discuss transfers to United States.

The "adequacy decision" is a key term for restrictive transfer. This decision is a finding by the Commission that the legal framework in place in that country, territory, sector or international organisation provides ‘adequate’ protection for individuals’ rights and freedoms for their personal data. And The adequacy finding for the USA is only for personal data transfers covered by the EU-US Privacy Shield framework.

Privacy-Shield Framework.

As mentioned on, On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law. On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States.

Althgough Privacy-Shield is a adequacy framework it is not a compliance mechanism. Therefore you have to consider the companies' policies and trustability.

In the next chapters we will discuss about the remaining terms like DPO, data cotrollers, Standard Contractual Clauses and dispute resolutions.

Related Articles