When transferring personal data to a third country, organisations must put in place appropriate safeguards to ensure the protection of personal data. Organisations should ensure that data subjects’ rights will be respected and that the data subject has access to redress if they don’t, and that the GDPR principles will be adhered to whilst the personal data is in the third country.
Appropriate safeguards may consist of using Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs).