How should a transfer of data from a third country be interpreted when data are transferred to the organisation?
ANSWER
This depends on the organisation's relationship with the entity transferring data from a third country. If the organisation is a separate controller of the data received, the appropriate processing activities should be entered in the controller's record of processing activities.
If the organisation is a processor for an entity from a third country, the appropriate categories of processing should be entered in the processor's record.
Note: the requirements of Article 30(1)(e) GDPR and Article 30(2)(c) GDPR concern situations where the organisation itself transfers data. Therefore, if the organisation receives data from a third country (but does not itself transfer them further), there is no obligation to note in the record that the organisation received data from a third country.


