adequacy-assessment
Installation
SKILL.md
Assessing Third-Country Adequacy
Overview
GDPR Article 45 provides that the European Commission may determine that a third country, a territory, or one or more specified sectors within a third country, or an international organisation ensures an adequate level of protection for personal data. Where such an adequacy decision exists, transfers of personal data to the covered country, territory, or sector may take place without any specific authorisation or additional safeguard requirement. This skill guides the assessment of existing adequacy decisions and the handling of partial adequacy coverage.
Current EC Adequacy Decisions
As of March 2026, the European Commission has adopted adequacy decisions for the following countries and territories:
| Country/Territory | Decision Reference | Date Adopted | Scope | Periodic Review |
|---|---|---|---|---|
| Andorra | Decision 2010/625/EU | 19 October 2010 | Full country | Ongoing monitoring |
| Argentina | Decision 2003/490/EC | 30 June 2003 | Full country | Ongoing monitoring |
| Canada | Decision 2002/2/EC | 20 December 2001 | Commercial organisations subject to PIPEDA only | Ongoing monitoring |
| Faroe Islands | Decision 2010/146/EU | 5 March 2010 | Full territory | Ongoing monitoring |
| Guernsey | Decision 2003/821/EC | 21 November 2003 | Full territory | Ongoing monitoring |
| Israel | Decision 2011/61/EU | 31 January 2011 | Full country | Ongoing monitoring |
| Isle of Man | Decision 2004/411/EC | 28 April 2004 | Full territory | Ongoing monitoring |
Related skills