41. (1) A transfer of personal data to a another country or a relevant international organisation is based on the existence of appropriate safeguards where—
(a) a legal instrument containing appropriate safeguards for the protection of personal data binding the intended recipient that is essentially equivalent to the protection under the Act and these Regulations; or
(b) the data controller, having assessed all the circumstances surrounding transfers of that type of personal data to another country or relevant international organisation, concludes that appropriate safeguards exist to protect the data.
(2) Where a transfer of data takes place in reliance on sub-
regulation (1)—
(a) the transfer shall be documented;
(b) the documentation shall be provided to the Commissioner on request; and
(c) the documentation shall include—
(i) the date and time of the transfer;
(ii) the name of the recipient;
(iii) the justification for the transfer; and
(iv) a description of the personal data transferred.