European Data Protection Rules

What Needs to be Done Prior to Shipping


Article 9 - Trans-boundary flow of personal data


1. The transfer of personal data is permitted:

a) for member-states of the European Union,

b) for a non-member of the European Union following a permit granted by the Authority if it deems that the country in question guarantees an adequate level of protection. For this purpose it shall particularly take into account the nature of the data, the purpose and the duration of the processing, the relevant general and particular rules of law, the codes of conduct, the security measures for the protection of personal data, as well as the protection level in the countries of origin, transit and final destination of the data. A permit by the Authority is not required if the European Commission has decided, on the basis of the process of article 31, paragraph 2 of Directive 95/46/EC of the Parliament and the Council of 24 October 1995, that the country in question guarantees an adequate level of protection, in the sense of article 25 of the aforementioned Directive.

2. The transfer of personal data to a non-member state of the European Union which does not ensure an adequate level of protection is exceptionally allowed only following a permit granted by the Authority, provided that one or more of the following conditions occur:

a) The data subject has consented to such transfer, unless such consent has been extracted in a manner contrary to the law or bonos mores.

b) The transfer is necessary:

i) in order to protect the vital interests of the data subject, provided s/he is physically or legally incapable of giving his/her consent, or

ii) for the conclusion and performance of a contract between the data subject and the Controller or between the Controller and a third party in the interest of the data subject, if s/he is incapable of giving his/her consent, or

iii) for the implementation of pre-contractual measures taken in response to the data subject’s request.

c) The transfer is necessary in order to address an exceptional need and safeguard a superior public interest, especially for the performance of a co-operation agreement with the public authorities of the other country, provided that the Controller provides adequate safeguards with respect to the protection of privacy and fundamental liberties and the exercise of the corresponding rights.

d) The transfer is necessary for the establishment, exercise or defence of a right in court.

e) The transfer is made from a public register which by law is intended to provide information to the public and which is accessible by the public or by any person who can demonstrate legitimate interest, provided that the conditions set out by law for access to such register are in each particular case fulfilled.

f) The Controller shall provide adequate safeguards with respect to the protection of the data subjects' personal data and the exercise of their rights, when the safeguards arise from conventional clauses which are in accordance with the regulations of the present law. A permit is not required if the European Commission has decided, on the basis of article 26, paragraph 4 of Directive 95/46/EC, that certain conventional clauses offer adequate safeguards for the protection of personal data.

In the cases referred to in the preceding paragraphs, the Authority shall inform the European Commission and the respective Authorities of the other member-states a) when it considers that a specific state does not ensure an adequate protection level and b) for the permits granted pursuant to paragraph 2, point f.


Please see the Hellenic Data Protection Authority website for further details on the statute.

