Data Protection Services at KINAST

International Data Flow

Cross-border data flows are a critical part of international trade and digital service models. In the modern, interconnected world, this kind of international data flow underpins the global economy. Of course, these data flows are subject to the laws in force, both locally and internationally.

Top 5 Law Firm in Germany

What is international data flow?

When talking about data flow, we essentially refer to the circulation of personal data between two or more parties. When this happens on an international level, it is called cross-border data flow, international data flow or third-country data transfer if it is a data flow outside the EU/EEA.

When personal data is transferred outside the European Economic Area, it must be accompanied by special safeguards to ensure that the data has adequate protection. This may include ensuring that the data is encrypted, or that the receiving party has agreed to comply with EU data protection laws. By taking these measures, businesses can help protect their customers‘ privacy and ensure that their data is handled in a safe and responsible manner.

The GDPR demands a high level of protection for the passage of information.

in the case of cross-border data flow, the GDPR specifically requires special security measures to be put in place in order to guarantee the safety of the data.

International Data Flow - Legal Consultation at KINAST

Do you need an External Data Protection Officer?

We don’t only advise on international data flow, but also offer smart, full service data protection solutions. We do the hard work. You concentrate on growing your business.

Five steps to compliance:

Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.

We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.

Document the current data protection status and define further required actions if necessary.

We carry out all necessary measures identified during the data protection audit.

Designation as External data protection officer and on-going consultation starting from day 1.

International Data Flow in action

One of the most common types of cross-border data flow that we handle is the trans-Atlantic data transfer: Personal data is sent from the EU to the USA and vice versa. This is the case, for example, when using online service providers. In this instance, our professionals can help you to verify the provider’s compliance and the safety measures in place.

For specific countries, so-called adequacy decisions are in place, as it has been determined that these countries have an adequate level of data protection essentially equal to that of the EU. No additional safety measures are needed for data flows in these countries. This is the case for e.g., Canada, Switzerland and others.

How can we guarantee the security of your international data flow?

As experienced External Data Protection Officers and lawyers, we really know data protection law better than anyone else. We understand your business and industry, and provide the streamlined, risk based solutions you thought weren’t possible. We have the manpower and, together with our proven three-point plan, our teams will not only secure your cross border data flow, but also offer future-proof implementation.

As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.

In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.

Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.

Why use the services provided by KINAST?

The majority of international data transfers need to be determined on a case-by-case basis. There is no ‚one-size-fits-all‘ solution. As experienced External Data Protection Officers and lawyers, we really know data protection law better than anyone else. We understand your business and industry, and provide the streamlined, risk based solutions you thought weren’t possible.

What makes KINAST the best choice for international data flow and data protection law?


We are an experienced team of lawyers with many years of experience and knowledge in data protection law, data security and as DPOs.

Practical experience

Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".

IT affinity

Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.

Cost transparency

We work on the basis of fixed hourly contingents, keeping pricing simple and managable.

Guaranteed legality

We are not only outstanding data protector officers, but also experienced lawyers.

Individual solutions

We do not work "off the peg", but offer tailor-made concepts, specifically for your business.

Efficient organisation und communication

Our soluitions lay high priority on open communication, transparent project management and defined goals.

Drafting of legal documents

We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily business.

Personality and continuity

We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.

Data Protection
KINAST Attorneys at Law - International Data Flow
International Data Flow - Legal Advice
KINAST Legal Consultation - International Data Flow

Get assistance securing the flow of your company's data over international borders

If you’re uncertain that the data you are sending to a third country is secure, you should seek qualified legal advice. At KINAST, we guarantee that your company is in safe hands. So why not contact us today for a free, no obligation consultation?

Send this page to a colleague?


Frequently asked questions

Securing your company’s international data flow can be a complicated process, even for the best legal minds. Below, we’ve answered some of the questions our clents ask us the most. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you soon.

An international data flow basically takes place every time the recipient of the personal data processed is located outside the EU.

The European Data Protection Supervisor (EDPS) has stated that in absence of an adequacy decision, the first thing that needs to be in place are the SCCs, a set of data protction clauses drafted and agreed upon by the European Commission. Further information can be found under Art. 46 (1) GDPR.

In case of data flow to a third country, it must be ensured that adequate measures are in place, and that a contract is signed. Furthemore, the contract should clearly state the rights of the data subject and the purpose of the data processing. It should also be assessed what additional transfer safeguards according to the GDPR are to be agreed upon. Accompanied by the conduction of a Transfer Impact Assessment (TIA).

Ask us for a quote

Please provide our team with a few details about your company. This makes it easier for us to assign the correct expert for your needs

Let's talk

Simply leave your details here and one of our lawyers or data protection experts will get back to you as soon as possible.

Media enquiries

Simply leave your details here and one of our marketing team will get back to you soon.

Partnership enquiries

Simply leave your details here and one of our marketing team will get back to you soon.