International transfer of personal data

Special rules apply to international transfers of personal data.

General Data Protection Regulation (GDPR) applies data protection rules across the European Economic Area (EEA). This includes all EU countries and Iceland, Liechtenstein and Norway. Transferring personal data to a destination outside the EEA (known as a third country) must comply with transfer mechanisms prescribed by GDPR.

Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems


HSE Transfer Impact Assessment (TIA) form (Word, 84KB, 13 pages)

To request the Schrems compliance legal FAQ, and for queries, email:

For OoCIO international data transfer queries

For regional queries (for projects or data processing involving international data transfers not under governance of OoCIO):

For health research queries on international data transfers (for ethically-approved studies):

For legal issues or queries relating to completing the Transfer Impact Assessment (TIA), contact Office of Legal Services

Related link

Data Protection Commission: transfers of personal data to third countries or international organisations