LMNOPQRST
A comprehensive guide to how IFS manages international transfers of personal data, ensuring compliance with GDPR, Standard Contractual Clauses (SCCs), and EDPB recommendations.
Commonly asked questions about IFS’ international transfers of personal data
The General Data Protection Regulation (GDPR) requires that when personal data is transferred outside the European Union (EU) or European Economic Area (EEA), it must be granted an essentially equivalent level of protection in the country it is transferred to. These ‘international transfers’ are protected by several legal mechanisms designed to safeguard data subjects.
Stat Label
Stat Label
How IFS protects customer data transferred outside the EEA
IFS relies on EU Commission adequacy decisions and Standard Contractual Clauses (SCCs) for transfers of customer data to its non-EU sub-processing affiliates (Affiliates). This is supported by a variety of legal, technical, and operational safeguards. Furthermore, IFS conducts comprehensive transfer impact assessments (TIA), which are available on request, in line with the requirements of EU law and the EDPB Recommendations.
Implementation of Updated Standard Contractual Clauses
IFS has implemented the updated SCCs issued by the European Commission in June 2021. These updated clauses cover a broader range of scenarios and enhance data protection obligations for both data controllers and data processors. They also improve protections for individual data subjects. IFS is proactively incorporating these into all relevant intra-group, customer, vendor, and partner contracts within the permitted transition period.
Sub-Processor Management and Support
IFS carries out international transfers to its Affiliates to provide 'follow-the-sun' 24/7 support. All relevant non-EU Affiliates are bound by an intra-group Data Transfer and Processing Agreement which incorporates the protections of the SCCs. Details regarding these sub-processors are set out in the standard IFS Data Processing Addendum (DPA).
Compliance in a Changing Legal Landscape
Despite the invalidation of the Privacy Shield in July 2020, IFS remains compliant by relying on alternative transfer mechanisms like SCCs. Additionally, following Brexit, the UK has been granted an adequacy decision, permitting transfers of EEA customer data into the UK. IFS continues to monitor developments in the UK regarding potential new UK SCCs to ensure ongoing compliance for transfers out of the UK.
Download
You can view it in your browser now, or download a copy to read later.