Personal data transfers within the EEA
An equal level of data protection applies within the European Economic Area (EEA). This is because all EEA countries are obliged to comply with the General Data Protection Regulation (GDPR).
On this page
If personal data is transferred to a party in another country within the EEA, we call this a 'transfer within the EEA'. The EEA consists of all EU member states plus Norway, Iceland and Liechtenstein. As the same data protection rules apply in all these countries under the GDPR, transfers within the EEA are permitted without the need for additional (legal) agreements.
However, this does not mean organisations can simply share personal data. They always need a clear legal basis for processing personal data, and it must be made clear to data subjects what will happen to their data.
In short: the EEA serves as a single territorial jurisdiction for the protection of personal data, within which the same rules apply. If your organisation transfers personal data from the Netherlands to another country in the EEA, or receives data from a party in another EEA country, you must comply with the GDPR.