Personal Data Transfers Outside the European Economic Area in the Insurance Sector Context

Abstract

The article aims to cite and synthetically analyse key regulations in the field of personal data transfers outside the European Economic Area, taking into account the specificity and requirements of the insurance sector. It covers both national and European legislations, recent case law, guidelines of competent authorities as well as relevant industry standards. It also identifies the key risks for personal data controllers, particularly in the context of the Schrems II case and related requirements defined in the guidelines of the European Data Protection Board. In addition, it presents general recommendations on best practices related to the adequate protection of personal data transfers for the insurance sector entities.