Research

Cross-border information flows in a globally connected world are essential to conducting international business. Personal information is in the European Union protected by a fundamental right to data protection under the General Data Protection Regulation (GDPR) and supplementing EU Member State laws. This article explains the legal framework for personal data transfers from the Union, in particular, if the data protection level in the recipient country is below the European standards, and provides an assessment of some of the practical issues for global businesses.