(2)
The Commission may find that a third country ensures an adequate level of protection. In that case, personal data may be transferred from the Member States without additional guarantees being necessary.
(7)
The Faeroese Act is based on the standards set out in Directive 95/46/EC and accordingly it covers all the basic principles necessary for an adequate level of protection of the right of natural persons to privacy with respect to the processing of personal data. The application of these standards is guaranteed by judicial remedy and by independent supervision carried out by the supervisory authority, the Data Protection Commissioner, who is invested with powers of investigation and intervention.
(8)
In the interest of transparency and in order to safeguard the ability of the competent authorities in the Member States to ensure the protection of individuals as regards the processing of their personal data, it is necessary to specify the exceptional circumstances in which the suspension of specific data flows may be justified, notwithstanding the finding of adequate protection.
3. If the information collected under Article 3 and under paragraphs 1 and 2 of this Article provides evidence that any body responsible for ensuring compliance with the standards of protection in the Faeroe Islands is not effectively fulfilling its role, the Commission shall inform the competent Faeroese authority and, if necessary, present draft measures in accordance with the procedure referred to in Article 31(2) of Directive 95/46/EC with a view to repealing or suspending this Decision or limiting its scope.
Member States shall take all the measures necessary to comply with the Decision by the end of a period of 90 days from the date of its notification to the Member States at the latest.