SaaS suppliers and SaaS customers can only lawfully transfer personal data to sub-processors located outside of the UK, Switzerland or the EEA, (make a restricted transfer) if a recognized transfer mechanism is in place to protect the personal data being transferred.
Continue reading