Resource Center / Tools and Trackers / Global data transfer contracts
Global data transfer contracts
This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally.
Last updated: May 2024
Contributor:
The proliferation of new and updated data privacy laws around the world has resulted in a marked rise in the number of data transfer mechanisms. One such mechanism – and one of the most prevalent – is the implementation of contractual clauses between the data exporter and the data importer. These contractual clauses purport to govern how the data importer will process the personal data transferred to it. The clauses extend certain privacy safeguards which exist and are applicable to the data exporter and data importer in another jurisdiction.
This infographic shows the jurisdictions that have taken steps to standardize draft contractual clauses for transferring personal data internationally. There are at least 23 draft, template, or standardized contractual clauses or undertakings for international data transfers covering over 77 jurisdictions.
For information on global data adequacy capabilities, see this infographic.
Future research by the IAPP will detail the implementation of data transfer mechanisms across the globe, similarities and differences between them, and key takeaways for privacy professionals.
The IAPP Resource Center additionally hosts an "International Data Transfers" topic page, which updates regularly with the latest news and resources.
There are at least 23 draft, template or standardized contractual clauses or undertakings for international data transfers covering transfers from 77 jurisdictions.
Regions
Association of Southeast Asian Nations
Brunei
Cambodia
Indonesia
Laos
Malaysia
Myanmar
Philippines
Singapore
Thailand
Vietnam
All European Economic Area states
Albania
Andorra
Armenia
Azerbaijan
Bosnia and Herzegovina
Georgia
Moldova
Monaco
Montenegro
North Macedonia
San Marino
Turkey
United Kingdom
Latin American Data Protection Board (RIPD)
Andorra
Argentina
Brazil
Chile
Colombia
Colombia
Mexico
Panama
Peru
Portugal
Spain
Uruguay
Austria
Belgium
Bulgaria
Croatia
Cyprus
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hungary
Iceland
Ireland
Italy
Latvia
Liechtenstein
Lithuania
Luxembourg
Malta
Netherlands
Norway
Poland
Portugal
Romania
Slovakia
Slovenia
Spain
Sweden
Individual jurisdictions
Jurisdictions part of multiple regional contracts
Argentina†
Brazil†
Peru†
Portugal*
Spain*
Uruguay†
† Covered by their own and RIPD contracts. | * Covered by EEA and RIPD contracts.