🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays 🎙⏯ GDPR, AI & Cybersecurity: Upcoming webinars and replays
Call us on +(33)4 28 70 91 81
Log in

Article 96 of the GDPR: Relations with previous agreements between Member States

Home GDPR articles decrypted Article 96 of the GDPR: Relations with previous agreements between Member States
Article 96 of the GDPR concerns international agreements or them administrative arrangements concluded before May 24, 2016 between the Member States of the European Union. It specifies their validity in relation to the provisions of the GDPR.

Article 96 of the GDPR explained

According to Article 96, administrative agreements or arrangements concerning the transfer of personal data between Member States which were concluded before 24 May 2016:

  • remain in force until modified, replaced or revoked,
  • provided they are GDPR compliant.

This article therefore ensures a smooth transition between the old regulations and the GDPR, while maintaining the continuity of data exchanges within the framework of bilateral or multilateral agreements.

Why is this article important for your GDPR compliance?

This article mainly concerns institutional relations between Member States or public authorities, but it can also concern companies if they rely on existing cooperation agreements.

It is essential to verify that these previous agreements are GDPR compliant so that they remain valid.

How to comply with Article 96 of the GDPR?

  • Identify if you are partying to one data transfer agreement signed before May 2016.
  • Analyze its compatibility with the principles of the GDPR (transparency, security, personal rights, etc.).
  • In the event of non-compliance, initiate a procedure to update, replace or revoke the agreement concerned.

Examples of application of Article 96 of the GDPR

  • An agreement between two European ministries on the sharing of health data remains valid if it is GDPR aligned.
  • A previous agreement between police forces of two member countries on biometric data must be rechecked for compliance.
  • A partner company in an intergovernmental project involving data transfers must ensure the validity of existing legal bases.

Related Resources

Accelerate your compliance in just a few clicks

With our all-in-one solution, you can accelerate and ensure compliance easily:

  • Automate your compliance with our GDPR software
  • Supported or outsourced by our DPO experts
  • Raise awareness among your teams with our GDPR training e-learning

👉 Request a demo with an expert

⚡ Assess your situation in 15 minutes with our free, no-obligation GDPR self-diagnosis.
👉 GDPR: Self-assess now

Other articles
on the same subject