Companies that transfer personal data across country or jurisdictional borders can face strict requirements—such as those that apply in the European Union (EU)—as well as stiff penalties for violating these requirements.

For example, the EU’s General Data Protection Regulation (GDPR) imposes restrictions on a company that transfers personal data (such as personal data of employees, customers, or patients) from the EU to the United States. And if the company doesn’t comply with those restrictions, in some cases, it could face fines of up to the greater of €20 million or 4 percent of its worldwide annual revenue from the preceding financial year.

Knowing and complying with the GDPR and other ex-U.S. data protection laws is essential to a company’s transnational business operations.

Domestic and multinational companies and vendors across industries rely on Epstein Becker Green’s Privacy, Cybersecurity & Data Asset Management team—which includes industry-recognized privacy and security professionals, litigators, transactional lawyers, and a member of the privacy and security and government relations working groups of the ISAO Standards Organization—to keep them in compliance when making cross-border data transfers.

Read more

How We Help

Clients turn to us to help them navigate international data transfer restrictions to facilitate cross-border transactions. We prepare multinational data protection policies and draft and review vendor and data processor agreements for compliance with data transfer standards and safeguards under the GDPR (including Standard Contractual Clauses (SCCs) and Binding Corporate Rules), the EU-U.S. Data Privacy Framework and the U.K. and Swiss extensions thereto, the APEC Cross-Border Privacy Rules System, and other international frameworks. We also analyze what supplementary measures certain data transfers might call for, handle derogations under Article 49 of the GDPR, and conduct data transfer impact assessments. In addition, we keep clients informed about other international cooperation mechanisms to protect personal data that may become enforceable.

Clients value our sound data protection guidance, which helps them minimize the risk of data protection violations.

Read less

Focus Areas


  • Preparation and review of SCCs and International Data Transfer Agreements.
  • Preparation and review of Data Protection Addendums that address international data privacy requirements.
  • Advice and counsel to organizations concerning extraterritoriality impact under international data privacy standards.
  • Advice and counsel concerning website collection and use of personal data through cookies and other technologies.
  • Licensing of software and platforms in compliance with international data privacy requirements.




Jump to Page

Privacy Preference Center

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. Click on the different category headings to find out more and change our default settings. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.

Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.

Performance Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.