Privacy Glossary

Cross-Border Transfer

The transfer of personal data from one country to another, subject to restrictions under data protection laws.

GDPRDPDP ActPDPAPIPEDA

Full Definition

A cross-border transfer occurs when personal data is transferred to, stored in, or accessed from a country outside the jurisdiction where it was originally collected. Most data protection regulations impose restrictions on such transfers to ensure data subjects' rights remain protected. Under GDPR, transfers outside the EEA require an adequacy decision, Standard Contractual Clauses, Binding Corporate Rules, or another valid mechanism. Under India's DPDP Act, the central government will notify countries to which transfers are permitted. Organisations must map all cross-border data flows to ensure compliance.

Back to all terms

Related terms

Standard Contractual Clauses

Pre-approved contract clauses issued by the European Commission for lawfully transferring personal data outside the EEA.

Data Fiduciary

The Indian equivalent of a Data Controller under the DPDP Act — an entity that determines the purposes and means of processing personal data.

Data Processor

An entity that processes personal data on behalf of and under the instructions of a Data Controller.

Relevant regulations

GDPR

DPDP Act

PDPA

PIPEDA

Browse more terms

Explore all 25 privacy and compliance terms in our glossary.

View full glossary

Automate your privacy program

TruePrivacy handles DSRs, consent management, data mapping, and breach response — all in one platform.

Start Free Trial Book a Demo