The European Data Protection Supervisor (EDPS) has issued  guidelines to organisations that export data outside the EU. The EDPS said that increased use of cloud computing and mobile applications had created new challenges but that the principle of adequate protection must always be adhered to when data was being exported. The EDPS said that it would use supervision and enforcement tools to ensure that the right of EU citizens to the protection of their data was bring respected, including imposing temporary or permanent export bans on non-compliant organisations. Some organisations would, in addition, be required to undergo prior checks where a data transfer outside the EU was likely to present specific risks to the rights and freedoms of data subjects.

European Data Protection Supervisor – the transfer of personal data to third countries and international organisations by EU institutions  and bodies – Position Paper – July 2014