On July 18, SIC launched a consultation on a draft regulation (source document in Spanish) regarding cross-border data transfers. The draft regulation establishes the criteria SIC would use to determine if a third country provides an adequate level of data protection. The data regulation also provides an updated list of countries granted adequacy status for purposes of cross-border transfers. The criteria discussed include the existence of rules for lawful data processing, the recognition of data subjects' rights and obligations for data controllers and data processors, and the presence of a supervisory authority.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.