APPLICATION FOR PERMIT

For the purposes of Article 24 of the Regulations, a Data Controller who seeks a permit from the Data Protection Office to transfer Personal Data to a Recipient which is not subject to laws and regulations which ensure an adequate level of protection must apply in writing to the Data Protection Office setting out:

(A) the identity and contact details of the Data Controller;
(B) the name and contact details of the Person within the Data Controller responsible for making the application for the permit;
(C) a description of the proposed transfer of Personal Data for which the permit is being sought, including a description of the nature of the Personal Data involved;
(D) the purpose of the proposed transfer of Personal Data;
(E) the classes of Data Subjects being affected;
(F) the identity of the proposed Recipient of the Personal Data;
(G) the jurisdiction of the proposed Recipient and a description of the laws and regulations which apply to the proposed Recipient in respect of Personal Data protection; and
(H) description of the safeguards to be put into place by the Data Controller, to ensure the security of the Personal Data should the relevant transfer take place.

The Data Controller must provide the Data Protection Office with any further information that the Data Protection Office requires to determine whether to grant a permit.

Rejection of an application for a permit

The Data Protection Office may refuse to grant a permit to transfer Personal Data.

Upon refusing to grant a permit, the Data Protection Office will inform the Data Controller in writing of the refusal and provide the reasons for the refusal.

Granting a permit to transfer Personal Data

The Data Protection Office may grant a permit to transfer Personal Data without conditions or with such conditions as it considers necessary.

Upon deciding to grant a permit, the Data Protection Office will inform the Data Controller of the decision and any conditions applicable to the permit.