Articles
Cross-Border Transfers of KYC Data
How to lawfully transfer KYC data outside the EEA after Schrems II.
Published 3 June 2026
Mapping the transfer
Identify exporter, importer, country, categories of data and recipients.
Transfer mechanisms
Adequacy decisions, Standard Contractual Clauses, Binding Corporate Rules and derogations under Art. 49.
Transfer impact assessment
Assess third country law, surveillance regimes and the need for supplementary technical measures such as encryption with EU-held keys.
Documentation
Keep the TIA, the SCCs and the technical safeguards on file for AEPD inspection.