On December 3, 2024, the European Data Protection Board (EDPB) released new guidelines concerning Article 48 of the GDPR, outlining how organizations should handle requests for personal data from non-European authorities. The EDPB also introduced a new European Data Protection Seal to enhance compliance certification across Europe.
These guidelines aim to assist organizations in evaluating requests from foreign public authorities for personal data sharing, which can be crucial for various purposes such as crime investigation, financial transaction verification, or medication approval.
Key Points
- Focus on lawful responses to data requests from foreign authorities under GDPR.
- Any response to such requests is considered a data transfer, necessitating adherence to GDPR.
- Organizations may need to evaluate legal bases for data transfer on a case-by-case basis if no international agreement exists.
The guidelines are currently open for public consultation until January 27, 2025.
