A data transfer according to the GDPR is any movement of personal data from one organization or country to another. It includes both physical and electronic transfers, such as copying a file onto a USB drive or sending it over the internet. However, a data transfer already exists when data is held ready for retrieval.
Data transfers are subject to certain restrictions under the GDPR, including obtaining explicit consent from individuals whose data is being transferred, ensuring that appropriate safeguards are in place for international transfers, and providing notification of any potential risk associated with such transfers.