I’m trying to find practical use case for the EDPB supplementary measures case #4 protected recipient.
I’m trying to assess if I can apply it to my client (processor in Clin. Trial). My client is UK/US based (w/ 2 entities in the EU) and processes patient data (pseudonymised) and medical staff data (in clear). For the patient data I would rely on use case #2 of the guidance but for the clear data, I’m unsure because the international data flow could be circumvented by keeping process in EU. Tx
Help! EDPB supplemental measures guidance Cases – Applicability
Share