What’s our approach in performing Transfer Impact Assessment (TIA)?
According to Recommendations 01/2020 of EDPB, the data exporter must take the following steps to assess if there is a need to put in place supplementary measures to be able to legally transfer data outside the EU/EEA:
- Step 1: Know your transfers. (Very important first step!)
- Step 2: Identify the transfer tools you are relying on. (Know your environment and setup)
- Step 3: Assess the laws and practices in the country of destination of the data and the effectiveness of the transfer tool. (Know the country's laws or at least assess them)
- Step 4:Identify and adopt supplementary measures - according to Article 46 GDPR Transfer Tools these are:
- Legally Binding and Enforceable Instruments Between Public Authorities or Bodies.
- Binding Corporate Rules (BCRs).
- Standard Data Protection Clauses (SDPCs), a.k.a. SCCs.
- Approved Codes of Conduct.
- Approved Certification Mechanisms.
- Step 5:Implement the supplementary measures and take procedural steps necessary for successful TIA implementation.
How can we help you and what’s our service behind TIA?
1. Assess your current environment and implementation (steps 1 to 4 from above) and provide you with an analysis report (e.g. gap analysis).
2. Gap analysis report will include analyzed information from the collected documents, and processes through questions and interviews.
3. Assessment would be based on a qualitative risk management process using probability and impact matrix and would include Technological, Organizational, Political, Legal and Sociological aspects that are vital for performing Transfer Impact Assessment accordingly (TIA).
4. We will create a report and presentation and provide you with a full TIA report that you can use to comply with EU regulations and legislation fully!