Transfers Takeaways from GDPR Enforcement in Cloud Computing & Beyond

17 Pages Posted: 28 Jan 2022 Last revised: 19 May 2022

Date Written: January 24, 2022


What are the key takeaways from international transfers-related enforcement to date under the GDPR (EU General Data Protection Regulation), including in the cloud computing context?

After recapping the background, this article summarises the main practical lessons from such enforcement, and ends with a discussion of some problematic points regarding the transfers restriction including the EDPB recommendations on supplementary measures, and related policy questions.

It covers both court cases and action by GDPR supervisory authorities, summarised in the Appendix.

Keywords: international transfers,transfers,data protection,GDPR,cloud computing,Schrems II,enforcement, personal data, General Data Protection Regulation, supplementary measures, additional safeguards

JEL Classification: K2, K22, K20

Suggested Citation

Hon, W. Kuan, Transfers Takeaways from GDPR Enforcement in Cloud Computing & Beyond (January 24, 2022). Available at SSRN: or

W. Kuan Hon (Contact Author)

Imperial College London ( email )

South Kensington Campus
Exhibition Road
London, Greater London SW7 2AZ
United Kingdom

Do you have negative results from your research you’d like to share?

Paper statistics

Abstract Views
PlumX Metrics