Products

Personal Data Discovery

Data Discovery

AI-based solution designed to automate personal data discovery and classification

Data Inventory

Discover personal data across multiple systems in the cloud or on-premise

Privacy Program Automation

Data Processing Inventory (ROPA)

Harbor cooperation between DPO, Legal Services, IT and Marketing

Data Subject Request

Turn data subjects request into an automated workflow with a clear insight into data every step of the way

Assessment Automation

Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation

Third Party Management

Guide your partners trough vendor management process workflow

Risk Management

Identifying the risk from the point of view of Data Subject

Incident Management

Quickly respond, mitigate damage and maintain compliance

Consent and Preference Management

Data Removal orchestration

Data Removal

Introducing end-to end automation of personal data removal

Services

State-of-Privacy-Assessment (SOPA)

Support

Professional Services

Pricing plans

Talk to sales

Resources

Latest Blog posts

Protecting personal data

11 Steps to Jumpstart Your Compliance Process

15/11/2023

How to conduct Legitimate Interests Assessment (LIA) ?

15/10/2023

Data Discovery and GDPR-first step towards compliance

Data Discovery: Advancing your privacy program

08/10/2023

Learn the terms

Pseudonymization

Privacy by design

Data Protection Authority

Data Privacy

Transparency principle

Data Breach

Right to be forgotten

Data Removal

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

India’s Digital Personal Data Protection Act DPDP

13/10/2023

Saudi Arabia's Personal Data Protection Law PDPL e-book cover

Saudi Arabia’s Personal Data Protection Law PDPL

24/08/2023

Legal & Ethical Review & Mastering Informed Consent for Clinical Trial Studies

22/03/2023

Partners

Become a partner

About us

Careers

General Data Protection Regulation (GDPR)

GDPR

>

Chapter 5

>

Art. 46 — Transfers subject to appropriate safeguards

Article 46

Transfers subject to appropriate safeguards

Chapter 5

In the absence of a decision pursuant to Article 45(3), a controller or processor may transfer personal data to a third country or an international organisation only if the controller or processor has provided appropriate safeguards, and on condition that enforceable data subject rights and effective legal remedies for data subjects are available.
The appropriate safeguards referred to in paragraph 1 may be provided for, without requiring any specific authorisation from a supervisory authority, by:
1. a legally binding and enforceable instrument between public authorities or bodies;
2. binding corporate rules in accordance with Article 47;
3. standard data protection clauses adopted by the Commission in accordance with the examination procedure referred to in Article 93(2);
4. standard data protection clauses adopted by a supervisory authority and approved by the Commission pursuant to the examination procedure referred to in Article 93(2);
5. an approved code of conduct pursuant to Article 40 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights; or
6. an approved certification mechanism pursuant to Article 42 together with binding and enforceable commitments of the controller or processor in the third country to apply the appropriate safeguards, including as regards data subjects’ rights.
Subject to the authorisation from the competent supervisory authority, the appropriate safeguards referred to in paragraph 1 may also be provided for, in particular, by:
1. contractual clauses between the controller or processor and the controller, processor or the recipient of the personal data in the third country or international organisation; or
2. provisions to be inserted into administrative arrangements between public authorities or bodies which include enforceable and effective data subject rights.
The supervisory authority shall apply the consistency mechanism referred to in Article 63 in the cases referred to in paragraph 3 of this Article.
¹Authorisations by a Member State or supervisory authority on the basis of Article 26(2) of Directive 95/46/EC shall remain valid until amended, replaced or repealed, if necessary, by that supervisory authority. ²Decisions adopted by the Commission on the basis of Article 26(4) of Directive 95/46/EC shall remain in force until amended, replaced or repealed, if necessary, by a Commission Decision adopted in accordance with paragraph 2 of this Article.

Suitable recitals

Suitable recitals

(108) Appropriate Safeguards, (109) Standard Data Protection Clauses

General Data Protection Regulation (GDPR)

Suitable recitals

(108) Appropriate Safeguards, (109) Standard Data Protection Clauses