Cross-border Processing

    When a processing of personal data has a connection to more than one member state of the EU it is called cross-border processing.

    The meaning of cross-border processing is defined in the GDPR as either:

    • processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State;
    • or processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.