https://www.oaic.gov.au/privacy/guidance-and-advice/australian-en...

https://www.oaic.gov.au/privacy/guidance-and-advice/australian-entities-and-the-eu-general-data-protection-regulation/

Overseas transfers of personal dataUnder the GDPR, personal data may be transferred outside the EU to countries or international organisations that provide an adequate level of data protection. The GDPR sets out in detail the factors the EU Commission is to consider when deciding whether a third country or international organisation ensures an adequate level of protection (Article 45).[24] The European Data Protection Board (which replaces the Article 29 Working Party) is required to provide the Commission with an opinion assessing the adequacy of a country or organisation’s level of data protection (Article 70(1)(s)).In the absence of an adequacy decision, overseas transfers are permitted in some limited circumstances, on condition that individual’s enforceable rights and effective remedies are available and, where appropriate, safeguards are in place. Such appropriate safeguards include:the data controller has in place approved ‘binding corporate rules’ that enable transfers within a corporate groupthe data controller has entered into an agreement that contains the ‘standard data protection clauses’ adopted by the EU Commission or a data protection authorityapproved codes of conduct are in place, and the recipient controller or processor gives binding and enforceable commitments to apply appropriate safeguardsan approved certification has been made by an accredited body, and the recipient controller or processor gives binding and enforceable commitments to apply appropriate safeguards (Article 46)In the absence of an adequacy decision or appropriate safeguards such as those outlined above, overseas transfers are also permitted in very specific situations. An example is where an individual explicitly consents to the proposed transfer after they have been provided with certain information about the possible risks associated with the transfer (Article 49).