icon-grid
Better Regulation logo
Table of Contents

Table of Contents

Expand all headings Collapse all headings Expand side bar Collapse side bar
Directive 2016/680/EU - Police and Criminal Justice Authorities Directive (also known as Law Enforcement Directive (LED Directive))RecitalsChapter I General provisions (arts. 1-3)Article 1 Subject-matter and objectivesArticle 2 ScopeArticle 3 DefinitionsChapter II Principles (arts. 4-11)Article 4 Principles relating to processing of personal dataArticle 5 Time-limits for storage and reviewArticle 6 Distinction between different categories of data subjectArticle 7 Distinction between personal data and verification of quality of personal dataArticle 8 Lawfulness of processingArticle 9 Specific processing conditionsArticle 10 Processing of special categories of personal dataArticle 11 Automated individual decision-makingChapter III Rights of the data subject (arts. 12-18)Article 12 Communication and modalities for exercising the rights of the data subjectArticle 13 Information to be made available or given to the data subjectArticle 14 Right of access by the data subjectArticle 15 Limitations to the right of accessArticle 16 Right to rectification or erasure of personal data and restriction of processingArticle 17 Exercise of rights by the data subject and verification by the supervisory authorityArticle 18 Rights of the data subject in criminal investigations and proceedingsChapter IV Controller and processor (arts. 19-34)Section 1 General obligations (arts. 19-28)Article 19 Obligations of the controllerArticle 20 Data protection by design and by defaultArticle 21 Joint controllersArticle 22 ProcessorArticle 23 Processing under the authority of the controller or processorArticle 24 Records of processing activitiesArticle 25 LoggingArticle 26 Cooperation with the supervisory authorityArticle 27 Data protection impact assessmentArticle 28 Prior consultation of the supervisory authoritySection 2 Security of personal data (arts. 29-31)Article 29 Security of processingArticle 30 Notification of a personal data breach to the supervisory authorityArticle 31 Communication of a personal data breach to the data subjectSection 3 Data protection officer (arts. 32-34)Article 32 Designation of the data protection officerArticle 33 Position of the data protection officerArticle 34 Tasks of the data protection officerChapter V Transfers of personal data to third countries or international organisations (arts. 35-40)Article 35 General principles for transfers of personal dataArticle 36 Transfers on the basis of an adequacy decisionArticle 37 Transfers subject to appropriate safeguardsArticle 38 Derogations for specific situationsArticle 39 Transfers of personal data to recipients established in third countriesArticle 40 International cooperation for the protection of personal dataChapter VI Independent supervisory authorities (arts. 41-49)Section 1 Independent status (arts. 41-44)Article 41 Supervisory authorityArticle 42 IndependenceArticle 43 General conditions for the members of the supervisory authorityArticle 44 Rules on the establishment of the supervisory authoritySection 2 Competence, tasks and powers (arts. 45-49)Article 45 CompetenceArticle 46 TasksArticle 47 PowersArticle 48 Reporting of infringementsArticle 49 Activity reportsChapter VII Cooperation (arts. 50-51)Article 50 Mutual assistanceArticle 51 Tasks of the BoardChapter VIII Remedies, liability and penalties (arts. 52-57)Article 52 Right to lodge a complaint with a supervisory authorityArticle 53 Right to an effective judicial remedy against a supervisory authorityArticle 54 Right to an effective judicial remedy against a controller or processorArticle 55 Representation of data subjectsArticle 56 Right to compensationArticle 57 PenaltiesChapter IX Implementing acts (art. 58)Article 58 Committee procedureChapter X Final provisions (arts. 59-65)Article 59 Repeal of Framework Decision 2008/977/JHAArticle 60 Union legal acts already in forceArticle 61 Relationship with previously concluded international agreements in the field of judicial cooperation in criminal matters and police cooperationArticle 62 Commission reportsArticle 63 TranspositionArticle 64 Entry into forceArticle 65 AddresseesDone at
Page Overview
Related
Document Overview
Tools
Set a date to view the document
Text comparison options
Full text - Date 1 vs Date 2 
Amendments requiring commencement - Current text vs Text requiring commencement
Draft proposed changes - Current text vs Text proposed by drafting documents
Recently generated comparisons
None generated
Print / Export options
Current page
Whole document
Selected pages
Consolidated PDF of the entire document as of 19th April 2026
Export
Export line by line
Export provision to provision
Report template
Create report template
Alert me to changes
Manage alerts
Bookmarks
This page
This document
Manage bookmarks
Search within this document
View previous searches
Share
Get page link
Share via email application

AI Summary of Article 37 Transfers subject to appropriate safeguards

PreviousNext
Version status: Entered into force | Document consolidation status: No known changes
Version date: 5 May 2016 - onwards
Version 2 of 2

Article 37 Transfers subject to appropriate safeguards

1. In the absence of a decision pursuant to Article 36(3), Member States shall provide that a transfer of personal data to a third country or an international organisation may take place where:

(a) appropriate safeguards with regard to the protection of personal data are provided for in a legally binding instrument; or

(b) the controller has assessed all the circumstances surrounding the transfer of personal data and concludes that appropriate safeguards exist with regard to the protection of personal data.

2. The controller shall inform the supervisory authority about categories of transfers under point (b) of paragraph 1.

3. When a transfer is based on point (b) of paragraph 1, such a transfer shall be documented and the documentation shall be made available to the supervisory authority on request, including the date and time of the transfer, information about the receiving competent authority, the justification for the transfer and the personal data transferred.

PreviousNext