When it comes to entering into new agreements with non-EU providers that involve the processing of EU personal data, if in doubt – don’t, says Norway DPA Datatilsynet.

“One must be prepared for the fact that new agreements involving the illegal transfer of personal data to third countries may be considered more severely than existing agreements,” according to Norway’s Data Protection Authority.

Key takeaways from Datatilsysnet’s new Q&A on cross-border data transfers in this client alert.