§ 79 Data transfers with appropriate safeguards

  1. In the absence of a decision pursuant to Article 36 (3) of Directive (EU) 2016/680, transfers which meet the remaining requirements of Section 78 shall be permitted also if
    1. appropriate safeguards with regard to the protection of personal data are provided for in a legally binding instrument; or
    2. the controller has assessed all the circumstances surrounding the transfer and concludes that appropriate safeguards exist for the protection of personal data.
  2. 1 The controller shall document transfers pursuant to subsection 1 no. 2. 2 The documentation shall include the date and time of the transfer, the identity of the recipient, the reason for the transfer and the personal data transferred. 3 It shall be provided to the Federal Commissioner on request.
  3. 1 The controller shall file a report to the Federal Commissioner at least once a year covering transfers conducted on the basis of an assessment pursuant to subsection 1 no. 2. 2 In this report, the controller may categorize the recipients and the purpose of the transfers appropriately

Content of the FDPA (new)

Chapter 1 – Legal basis for processing personal data
Sub-chapter 1 – Processing of special categories of personal data and processing for other purposes

Sub-chapter 2 – Special processing situations

Chapter 2 – Rights of the data subject

Chapter 3 – Obligations of controllers and processors

Chapter 4 – Supervisory authorities for data processing by private bodies

Chapter 5 – Penalties

Chapter 6 – Legal remedies

Chapter 1 – Scope, definitions and general principles for processing personal data

Chapter 2 – Legal basis for processing personal data

Chapter 3 – Rights of the data subject

Chapter 4 – Obligations of controllers and processors

Chapter 6 – Cooperation among supervisory authorities

Chapter 7 – Liability and penalties