Transfer Impact Assessment (TIA)
Review and evaluation of data transfers to third countries and advice on protective measures from specialised lawyers.
Compliance builds sustainable trust
Does my company have to carry out a TIA?
If you want to transfer personal data to a third country outside the EU or EEA, you will need additional data protection safeguards such as Standard Contractual Clauses (SCC).
However, according to the Schrems II ruling of the Court of Justice of the European Union (CJEU), the conclusion of SCCs is not sufficient. Instead, you have to prove that the protection of personal data in the recipient country is de facto comparable to that in the EU.
This is where the Transfer Impact Assessment comes into play as a risk assessment for data transfers to unsafe third countries. It enables both the data exporter and the data importer to check the legality of the transfer in advance and to take appropriate protective measures.
Transfer impact assessment by experts
The CJEU has deliberately set the bar for a TIA very high. When assessing the risk, both the legal framework in the recipient country and the actual local customs must be taken into account. Therefore, a TIA can only be carried out by experts with appropriate legal, local knowledge and linguistic skills.
As part of our advice on data transfer to third countries, we offer the following services, among others:
- Review of the concluded standard contractual clauses with subsequent review report
- Review of the specific circumstances of the transfer with a subsequent assessment of the level of protection in third countries (risk assessment)
- Review and assessment of the laws and practices of the third country of destination based on prepared questionnaires for third country service providers.
- Advice on effective additional measures within the data transfer process
- Preparation of an individual opinion including risk analysis of the present data transfer in accordance with the requirements of the EDPB and clause 14 of the SCCs.
- Depending on the sensitivity of the processing, we can additionally carry out a subsequent data protection impact assessment (DPIA)
Four good reasons why you should rely on the experts at activeMind.legal when it comes to a TIA
Comprehensive expertise
Practical implementation
Experience with authorities
International orientation
Non-binding request
In order for us to understand your request in the best possible way, please provide us with some information about the planned data transfer or TIA in advance.
One of our employees will get back to you within two working days with a proposed appointment for an initial phone call.
Our experts are all legal professionals and as such where they are not mandated by statute to maintain confidentiality they are bound by be the ethics of their profession and will naturally treat all correspondence and information confidentially.
