The rules that apply to when sending data to EU countries is not straightforward. The person who is sending that data will have to make an assessment as to whether making a transfer to the intended country has the appropriate safeguards and measures adequate for the specific cross-border transfer. The information regulator cannot give an exhaustive list of these countries because an assessment will differ case-by-case.