TRILANTICServicesSectorsPartnersResourcesAbout UsContact Us
Case StudiesTRILANTIC NewsletterFree Trial with your DataCost Savings CalculatorAsk The Experts
Document Library
Industrial Links
Glossary
News ReleasesFeatured Articles
Media KitForthcoming EventsEuropean Data Protection Rules

What Needs to be Done Prior to Shipping


28 Transmission of personal data to foreign states


(1) Personal data from a database located in Estonia may be transmitted to a state with a sufficient level of data protection.

(2) (Repealed - 14.04.2004 entered into force 01.05.2004 - RT I 2004, 30, 208)

(3)Transmission of personal data is permitted to the Member States of the European Union, state parties to the Agreement of the European Economic Area and to states the data protection level of which is deemed to be sufficient by the Commission of the European Communities. Transmission of personal data is not permitted to states the data protection level of which is deemed to be insufficient by the Commission of the European Communities.

(4) Personal data may be transmitted to a foreign state which does not meet the condition provided for in subsection (1) of this section only with the permission of the Data Protection Inspectorate:

1) if, in the specific case, the chief processor guarantees the protection of the rights and private life of the data subject in the state;

2) in the specific case of transmission of personal data, the sufficient level of data protection is ensured in the state. Upon assessment of the level of data protection, circumstances related to the transmission of personal data, including the categories of data, the purposes and duration of processing, transmission of data to the country of destination and to the final country of destination and the law of the state shall be taken into account.

(5) The Data Protection Inspectorate shall inform the Commission of the European Communities of a permission granted pursuant to subsection (4) of this section.

(6) Without the permission of the Data Protection Inspectorate, personal data may be transmitted to a foreign state where the sufficient level of data protection is not ensured:

1) if the data subject has consented thereto;

2) in the cases provided for in subsection 14 (2) of this Act;

3) if the data is transmitted to the foreign state in cryptographic form and the data necessary for decoding is not communicated to the foreign state.

(RT I 2004, 30, 208 – entered into force 01.05.2004)


Please refer to the Estonian Data Protection Inspectorate website for further details on the statute
© TRILANTIC - All rights reserved. | Disclaimer | Client Login