These transfers are governed by the provisions of Chapter 7 of the Criminal Data Protection Act, which deviate from the articles of the GDPR relating to the transfer of personal data. 3) The recipient is a separate entity or an individual. These include transfers to another company within the same group. The UK Government stated that at the end of the transitional period, the transfer of data from the UK to the EEA would be allowed. He says he will control this. All adequacy decisions taken so far by the European Commission also concern restricted transmissions from EEA states. The EEA Joint Committee must take a formal decision with a view to adopting future adequacy decisions by the European Commission so that they can cover limited transfers from EEA States. 1) The GDPR applies to your processing of the personal data you have transferred. Where the data cannot be transmitted to the Commission pursuant to an adequacy decision, the organisation must examine the possibility of transmitting them on the basis of appropriate safeguards.
Appropriate safeguards include, for example, standard clauses and binding corporate rules. This exception expressly states that it may only be used for occasional limited transmissions. This means that limited transmission can occur more than once, but not regularly. If you regularly make limited transfers, you must take appropriate security measures. They should not rely on this exception for systematic transfers. Instead, you should consider one of the appropriate protective measures. You should only use it in certain situations, and each time you should convince yourself that the transmission is necessary for an important reason of public interest. This is the case in the event of a medical emergency where the transfer is necessary to provide the necessary medical care.
The immediate risk of serious harm to individuals must prevail over all data protection concerns. . . .