How should data processing suppliers outside the EU be managed?

How should organisations in countries that have to comply with GDPR deal with organisations in countries that don’t? Cyber security keynote speaker Edward Lucas explains.

Edward Lucas from The Economist poses two questions for organisations to answer: how they look after the personally identifiable data (PID) in their organisation, and how they share PID with other organisations. Any organisation sharing data with suppliers or partners outside the EU will still be responsible for the security of that data. Some countries outside the EU such as Argentina are regarded as having adequate data security laws so transferring personal data to those countries is compliance risk free. But for other countries such as the USA organisations will need to make sure they take adequate steps to keep their data secure.