§ 54 LDSG SH
General conditions
(1)The transfer of personal data to bodies in third countries or to international organisations shall be lawful where the other conditions applicable to data transfers are met if 1. the body or international organisation is competent for the purposes referred to in § 20, and 2. the European Commission has adopted an adequacy decision pursuant to Article 36(3) of Directive (EU) 2016/680.
(2)The transfer of personal data shall not take place notwithstanding the existence of an adequacy decision within the meaning of paragraph 1 number 2 and the public interest to be taken into account in the data transfer, where in the individual case an adequate handling of the data that safeguards the fundamental human rights is not sufficiently ensured at the recipient, or otherwise overriding legitimate interests of a data subject are opposed. In his or her assessment, the controller shall take into account in particular whether the recipient guarantees adequate protection of the transmitted data in the individual case.
(3)Where personal data that have been transmitted from or made available by another Member State of the European Union are to be transferred pursuant to paragraph 1, this transfer must first be authorised by the competent body of the other Member State. Transfers without prior authorisation shall be permissible only where the transfer is necessary to avert an immediate and serious danger to the public security of a State or to the essential interests of a Member State, and the prior authorisation cannot be obtained in time. In the case of sentence 2, the body of the other Member State that would have been competent to grant the authorisation shall be informed of the transfer without undue delay.
(4)The controller who transfers data pursuant to paragraph 1 shall ensure by appropriate measures that the recipient shall only onward-transfer the transmitted data to other third countries or other international organisations where the controller has authorised such transfer in advance. In deciding whether to grant authorisation, the controller shall take into account all relevant factors, in particular the severity of the criminal offence, the purpose of the original transfer and the level of protection of personal data in the third country or international organisation to which the data are to be onward-transferred. Authorisation may only be granted where a direct transfer to the other third country or the other international organisation would also be permissible. The competence for granting authorisation may also be otherwise regulated. zur Einzelansicht § 54