This document seeks to provide guidance as to the application of Articles 46 (2) (a) and 46 (3) (b) of the General Data Protection Regulation (GDPR) on transfers of personal data from EEA public authorities or bodies to public bodies in third countries or to international organisations, to the extent that these are not covered by an adequacy finding adopted by the European Commission.
The guidelines are intended to give an indication as to the expectations of the European Data Protection Board (EDPB) on the safeguards required to be put in place by a legally binding and enforceable instrument between public bodies pursuant to Article 46 (2) (a) GDPR or, subject to authorisation from the competent supervisory authority (SA), by provisions to be inserted into administrative arrangements between public bodies pursuant to Article 46 (3) (b) GDPR. The EDPB strongly recommends parties to use the guidelines as a reference at an early stage when envisaging concluding such instruments or arrangements.