In the absence of a decision pursuant to Article 36 (3) of Directive (EU) 2016/680, transfers which meet the remaining requirements of Section 78 shall be permitted also if
appropriate safeguards with regard to the protection of personal data are provided for in a legally binding instrument; or
the controller has assessed all the circumstances surrounding the transfer and concludes that appropriate safeguards exist for the protection of personal data.
1 The controller shall document transfers pursuant to subsection 1 no. 2. 2 The documentation shall include the date and time of the transfer, the identity of the recipient, the reason for the transfer and the personal data transferred. 3 It shall be provided to the Federal Commissioner on request.
1 The controller shall file a report to the Federal Commissioner at least once a year covering transfers conducted on the basis of an assessment pursuant to subsection 1 no. 2. 2 In this report, the controller may categorize the recipients and the purpose of the transfers appropriately