We must store personal data only in servers physically located in the EU or other "adequate" territory.
...
But - this is the 21st century.There's this thing called the Internet.Organisations physically located in geographic location A can remotely access data stored in geographic location B.
...
If the third country's already grabbed it (strictly, made a copy of it), then deleting it from your third country storage afterwards or "repatriating" it afterwards isn't actually going to magically delete their copy....
But - even EU-incorporated service providers might want to expand outside the EU.In fact, the EU would quite like them to be successful enough to be able to sell their goods and services abroad, and make money from non-EU countries.
...
The core issue should be, not the adequacy of a third country's laws, but the adequacy of protection for personal data there.
[
add
]
[
|
|
...
]