73 General principles for transfers of personal data
73 General principles for transfers of personal data

(1)     A controller may not transfer personal data to a third country or to an international organisation unless—

(a)     the three conditions set out in subsections (2) to (4) are met, and

(b)     in a case where the personal data was originally transmitted or otherwise made available to the controller or another competent authority by a member State other than the United Kingdom, that member State, or any person based in that member State which is a competent authority for the purposes of the Law Enforcement Directive, has authorised the transfer in accordance with the law of the member State.