Contact us

EDPB adopts final guidelines on transfers to third country authorities

On 5 June 2025 the EDPB adopted the final version of its guidelines on data transfers to third country authorities. These guidelines aim to help organisations to assess when they can “lawfully respond to requests for a transfer of personal data from third country authorities.”

The guidelines clarify that judgments/decisions from third country authorities cannot automatically and directly be recognised or enforced in an EU member state. Generally recognition and enforceability is based on international agreements.

In the executive summary the EDPB makes it clear that, notwithstanding any international agreements, “if a controller or processor in the EU receives and answers a request from a third country authority for personal data, such data flow is a transfer under the GDPR and must comply with Article 6 and the provisions of Chapter 5.” It is worth noting, however, that an international enforcement agreement may provide for a legal basis and a ground of transfer.

The guidelines can be found here.

Share:

Facebook
X
Pinterest
LinkedIn

Related Posts

View all
News

UK Cyber Security and Resilience bill enters parliament

On 12 November 2025 the Cyber Security and Resilience (Network and Information Systems) Bill was introduced to the UK Parliament....

Read more
News

European Commission publishes digital omnibus regulation

On 19 November 2025 the EU Commission published its draft digital omnibus regulation. The regulation proposes changes to a number...

Read more
News

Commercial Court in Madrid fines Meta EUR 497 million

On 19 November 2025 the commercial court in Madrid ordered Meta to pay compensation for anti competitive behaviour, using unlawful...

Read more
Guidance

Completing Your Article 30 Record of Processing Activities (ROPA) Under UK GDPR

A Record of Processing Activities (ROPA) is a cornerstone of UK GDPR compliance. Knowing what personal data you process, why...

Read more
News

CJEU confirms that free user accounts can constitute a “sale” under the ePrivacy Directive

On 13 November 2025 the CJEU handed down judgment in the case of Inteligo Media SA (Inteligo) v Autoritatea Naţională...

Read more
News

Polish data protection authority fines telecommunications operator EUR 4.5 million

On 14 November 2025 the Polish data protection authority fined a telecommunications operator EUR 4.5 million in relation to several...

Read more

Our experience...

Speaks for itself through collaboration with leading global brands such as…

  • Tech giants
  • Health tech start-ups
  • Forward-thinking financial institutions
  • Global dating app
  • One of the largest entertainment record labels globally
  • Shopping meccas
  • National broadcasters
  • Professional services firms and regulators
Contact us
0 +

Sector specialisms and in-depth experience

0 %

Client retention rate and long lasting relationships

0 s

Learners who complete our data protection training each year

Skyscanner logo

Don't just take our word for it

“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”

Gemma Witham
Director of Legal (Privacy), Group Privacy Officer, Sykscanner Limited

HR Dept logo

Don't just take our word for it

“We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them.”

Serena May
Director, Southern HR Ltd

AETNA logo

Don't just take our word for it

“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time.”

Craig Saunders
Head of International Privacy, Aetna Global Benefits (UK) Ltd

 

Frasers Hospitality logo

Don't just take our word for it

“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”

Frasers Hospitality (UK) Ltd

Chartered Accountants Worldwide logo

Don't just take our word for it

“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”

Ruth Hidalgo
Director, Chartered Accountants Worldwide

Cadogan logo

Don't just take our word for it

“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”

Sanjay Patel
Finance Director, Cadogan Group Limited

Compre logo

Don't just take our word for it

“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”

Federica Cozzani
Senior Legal Counsel, Compre Group

Outlogic logo

Don't just take our word for it

“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”

Joshua Anton
CEO, Outlogic

Vue logo

Don't just take our word for it

“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!”

Clare Russell
Interim Head of Legal, Vue UK and Ireland

Jigsaw logo

Don't just take our word for it

“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team.”

Josh Towb
Head of Business Transformation, Jigsaw

Channel 4 logo

Don't just take our word for it

“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them.”

Rebecca Miller
Channel 4

Mug of coffee

Let’s chat

Book a free 30 min discovery call with our expert team and we’ll advise how we can help.

Contact us