If you are planning a stay abroad in a non-EU country, please note that the EU General Data Protection Regulation (GDPR) does not apply in so-called third countries. There might not be a so-called "adequacy decision" of the EU Commission on a level of data protection comparable to the EU for the third country in which you will be staying. There are also no so-called "suitable guarantees" (specific, officially approved data protection rules). If you transfer your data to an institution in these countries (e.g. host university, internship institution, research institution, language course provider, public authorities, etc.), it cannot be ruled out that public authorities, companies or private persons there may gain knowledge of your personal data and your identity, which would not be allowed in the European Union. There are therefore the following possible risks of which you should be aware:

• The data protection laws or regulations or their application in the third country may have a lower level of protection than in the EU. For example, the level of data protection in the USA is lower. Security authorities, public prosecutors, narcotics authorities, etc. may access data without judicial or other control. This also applies to other countries, such as the People's Republic of China.
• You may have fewer or less enforceable data subject rights there than in the EU.
• The recipient of the data may not be supervised by an independent, enforceable and cooperating supervisory authority which would also support you in the event of any complaints. This applies, for example, to the USA, the PR China and other countries.

You should be aware of these risks and, if necessary, check the data protection regulations that apply in your intended host country.