Schedule Demo
Data Processing  2 Minute Read

Transfer Impact Assessments

Blogs_Tiles

What is a Transfer Impact Assessment (TIA)?

 

A transfer impact assessment clarifies your organisation’s risks for transferring EU residents’ data to countries without adequacy under the GDPR. It is a questionnaire that needs to be completed by either party to the data transfer i.e., data importer or data exporter.

TIA's s are now mandatory under EDPB Guidance on Supplementary Measures for data transfers, the June 2021 Standard Contractual Clauses (SCCs), and the Schrems II decision. A TIA allows for an examination of the specific data transfer as opposed to providing an objective assessment of data transfers to that third country. A TIA must be carried out for each new processing activity which involves data transfers to non-EEA countries not deemed adequate by the European Commission. 


When is a Transfer Impact Assessment Needed?

 

  • Where an EEA organisation is transferring data to a non-EEA third country that has not been given adequacy by the European Commission.

  • Where a third country data transfer is safeguarded under SCCs, a TIA is further mandated under Section III of the 2021 SCCs as a component of the local law assessment.

Transfer Impact Assessment Diagram

 

The Benefits of a Transfer Impact Assessment

 

  • Ensure GDPR compliance and mitigate against risks associated with a data transfer prior to the transfer/processing beginning.

  • Determine the likelihood of government access requests in the importing country/third country.

  • Ensure Compliance with Schrems II.

  • Once risks have been mitigated against, identify the next steps prior to the processing beginning.

  • Gain an awareness of data protection legislation and practices within the importing country/third country.

  • Save time and money in potential fines and legal fees. 

Transfer Impact Assessment Feature by PrivacyEngine

You can use the Questionnaire feature on PrivacyEngine to send the TIA questionnaire out to third parties engaged in the data transfer. This can be either the data importer or data exporter. Based on the responses to the questionnaire, you can begin planning next steps. To learn more about PrivacyEngine's TIA questionnaire, click on the button below to schedule meeting with a member of the team.

Schedule Demo