Private sector companies face a major challenge in ensuring compliance with the many detailed data protection rules that can apply. The compliance burden is further increased if a business enterprise operates in several countries with different data protection rules. This may complicate the exchange of data within the enterprise. The purpose of this article is to plot a path through these rules governing the transfer of personal data abroad.