DATA 4.2.1

For the purposes of Article 17(2)(B) of the Data Protection Regulations, a Data Controller must notify the QFC Authority of any of the following Personal DataProcessing operations undertaken other than in accordance with a permit issued by the QFC Authority:

(A) any Personal DataProcessing operation or set of operations involving the Processing of Sensitive Personal Data; and
(B) any Personal DataProcessing operation or set of operations involving the transfer of Personal Data to a Recipient outside of the QFC which is not subject to laws and regulations which ensure an adequate level of protection.
Derived from QFC RM01/2005 (as from 17th October 2005).