Data Protection Consultation at KINAST
Transfer Impact Assessment
A Transfer Impact Assessment (TIA) is an analysis performed by a data controller or by a data processor of the security implications of a personal data transfer to countries outside the EU/EEA, or that benefit from an adequacy decision.
Why carry out a Transfer Impact Assessment?
Do you need an External Data Protection Officer?
Five steps to compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
Transfer Impact Assessment: Good to know
Generally, the GDPR does not indicate which factors must be held in account when concluding a Transfer Impact Assessment: An example could be whether, in the target country, there are laws in place alllowing government agencies to access the transferred data. Furthermore, as mentioned above, the TIA is usually built as a questionnaire and needs to be conducted for every processing activity.
Though the GDPR does not indicate the written form as mandatory, it is strongly recommended to have it in writing: Our professionals can assist you in this matter with their experience.
Other areas to consider:
How do we guarantee your data protection compliance in your international company or corporation?
If you require full service data protection, we can also act as your External Data Protection Officer. To guarantee a timely and cost effective execution of all necessary data protection measurements, we’ve developed our own concept based on a three-point plan:
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Reasons to choose KINAST for your Transfer Impact Assessment
The completion of a Transfer Impact Assessment is a higly precise process requiring a thorough knowledge of the legal framework governing personal data. You can expect support from our highly qualified and experienced lawyers and data protection specialists along every step of the way, from gathering the information regarding the specific data transfer to the evaluation and the documentation of the TIA.
First class guidance developing your Transfer Impact Assessment
Data protection law, especially on the international stage, can be a legal minefield. Our experienced lawyers and data protection officers are here to help. KINAST Attorneys at Law are specialised soley in data protection and we’ve been advising international groups and corporations since before GDPR laws came into effect. We guarantee that your company is in the safest, most knowledgeable hands.
So why not contact us today for a free, no obligation consultation?
Send this page to a colleague?
Frequently asked questions
You may still have questions about carrying out a GDPR compliant Transfer Impact Assessment. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.
A TIA is necessary for every transfer of personal data to a target country outside the EEA or for which no adequacy decision is in place.
A TIA is usually performed by the data controller with the support of the DPO.
A TIA has to be performed prior to the beginning of the third-country data transfer in order to evaluate the transfer and to implement additional safeguards if needed.