The adequacy of protection referred to in subsection (1) shall be assessed taking into account the —

(a) availability of enforceable data subject rights, the ability of a data subject to enforce such rights through administrative or judicial redress,
and the rule of law;

(b) existence of any appropriate instrument between the Commission and a competent authority in the recipient jurisdiction that ensures adequate data protection;

(c) access of a public authority to personal data;

(d) existence of an effective data protection law;

(e) existence and functioning of an independent, competent data protection, or similar supervisory authority with adequate enforcement powers; and

(f ) international commitments and conventions binding on the relevant country and its membership of any multilateral or regional organisations.