How the EU determines if a non-EU country has an adequate level of data protection
The European Commission has the power to determine, on the basis of article 45 of Regulation (EU) 2016/679 whether a country outside the EU offers an adequate level of data protection. The adoption of an adequacy decision involves: a proposal from the European Commission; an opinion of the European Data Protection Board; an approval from representatives of EU