(108) If an adequate level of data protection is not established, the controller or processor should take measures to compensate for the lack of data protection in the third country by providing adequate safeguards to the data subject. Such adequate safeguards may consist of the use of binding corporate rules, standard data protection clauses adopted by the Commission, standard data protection clauses adopted by the supervisory authority, or contractual clauses permitted by the supervisory authority. These safeguards should ensure that the same data protection requirements and rights of data subjects as for intra-EU processing are respected, including ensuring the availability of enforceable data subject rights and effective remedies - including the right to effective administrative or judicial redress and to claim compensation - in the Union or in a third country. These should relate in particular to compliance with the general principles relating to the processing of personal data and the principles of data protection by design and data protection by default. Also, public authorities or entities may transfer data to public authorities or entities in third countries or to international organizations with analogous duties or functions, including on the basis of provisions that should be included in administrative arrangements, such as memoranda of understanding, and that should provide for enforceable and effective rights for data subjects. If safeguards are included in non-legally binding administrative arrangements, authorization must be obtained from the relevant supervisory authority.