Organizations must obtain meaningful consent and are accountable for personal information transferred to third parties.
Cross-border transfers to non-adequate countries require SCCs, BCRs, or other safeguards.