Data Transfer Impact Assessment

What is Data Transfer Impact Assessment (TIA)?

A Data Transfer Impact Assessment (TIA) is an analysis performed by a data controller or by a data processor of the security implications of a personal data transfer to countries outside the EU/EEA.

It is an assessment of the privacy protections of laws and regulations of a recipient country outside of the EU/EEA. Evaluation of the Article 46 GDPR transfer tool in light of the legal framework and practical application of the law in the destination country.

What’s our approach in performing Transfer Impact Assessment (TIA)?

According to Recommendations 01/2020 of EDPB, the data exporter must take the following steps to assess if there is a need to put in place supplementary measures to be able to legally transfer data outside the EU/EEA:

  • Step 1: Know your transfers. (Very important first step!)

  • Step 2: Identify the transfer tools you are relying on. (Know your environment and setup)

  • Step 3: Assess the laws and practices in the country of destination of the data and the effectiveness of the transfer tool. (Know the country's laws or at least assess them)

  • Step 4:Identify and adopt supplementary measures - according to Article 46 GDPR Transfer Tools these are:
    • Legally Binding and Enforceable Instruments Between Public Authorities or Bodies.
    • Binding Corporate Rules (BCRs).
    • Standard Data Protection Clauses (SDPCs), a.k.a. SCCs.
    • Approved Codes of Conduct.
    • Approved Certification Mechanisms.

  • Step 5:Implement the supplementary measures and take procedural steps necessary for successful TIA implementation.

How can we help you and what’s our service behind TIA?

1. Assess your current environment and implementation (steps 1 to 4 from above) and provide you with an analysis report (e.g. gap analysis).

2. Gap analysis report will include analyzed information from the collected documents, and processes through questions and interviews.

3. Assessment would be based on a qualitative risk management process using probability and impact matrix and would include Technological, Organizational, Political, Legal and Sociological aspects that are vital for performing Transfer Impact Assessment accordingly (TIA).

4. We will create a report and presentation and provide you with a full TIA report that you can use to comply with EU regulations and legislation fully!

Compliance is not scary, however, it requires expertise and timely involvement!

We are here to help you achieve maximum results out of your operations! Do not hesitate to contact us to tackle every security and compliance challenge that you have effectively!

If you need more information, write to us on the contact form.!