I think the idea is that the Commission maintains a list of countries to which it is OK to transfer data. The list is referenced from the regulation, but maintained by the Commission. Effectively, the Commission can adjust the legislation by buereaucratic pen-stroke, by altering the list.
I don't know whether it can operate retrospectively; for example, if you were off the list for a few years, but are now OK again, does that mean that your tech companies can't be chased for what they were doing when it wasn't OK?
I'd also like to know how this affects the UK. I don't know whether the UK implements the Commission's list in our legislation.
I think the idea is that the Commission maintains a list of countries to which it is OK to transfer data. The list is referenced from the regulation, but maintained by the Commission. Effectively, the Commission can adjust the legislation by buereaucratic pen-stroke, by altering the list.
I don't know whether it can operate retrospectively; for example, if you were off the list for a few years, but are now OK again, does that mean that your tech companies can't be chased for what they were doing when it wasn't OK?
I'd also like to know how this affects the UK. I don't know whether the UK implements the Commission's list in our legislation.
Like I said, I haven't had a chance to dig yet.