Which document outlines cross-border data transfer rules according to GDPR?

The General Data Protection Regulation (GDPR) is the key legal framework that governs data protection and privacy in the European Union. Among its various provisions, the GDPR specifically addresses cross-border data transfers, outlining the rules and conditions under which personal data can be transferred outside of the EU and the European Economic Area (EEA).

These rules are crucial as they ensure that the level of data protection is not undermined when personal data is sent to countries that may not have the same stringent protections as those within the EU. The GDPR sets forth requirements such as the need for adequacy decisions, Standard Contractual Clauses, and Binding Corporate Rules, which are mechanisms to ensure that data is protected adequately during such transfers.

The other options do not specifically address cross-border data transfer regulations. For example, the Data Protection Directive was superseded by the GDPR and does not encompass the more comprehensive cross-border regulations that the GDPR mandates. The Data Subject's Rights Declaration and the Data Privacy Agreement also do not focus on the cross-border transfer provisions; instead, they pertain to individual rights and privacy agreements, respectively. Thus, the General Data Protection Regulation is the correct choice as it explicitly includes the rules governing cross-border data transfers.