Data Protection Consultation at KINAST

Transfer Impact Assessment

A Transfer Impact Assessment (TIA) is an analysis performed by a data controller or by a data processor of the security implications of a personal data transfer to countries outside the EU/EEA, or that benefit from an adequacy decision.

Top 5 Law Firm in Germany

Why carry out a Transfer Impact Assessment?

While the new Standard Contractual Clauses (SCCs), as published by the European Commission in June 2021, state in Clause 14 that a TIA needs to be performed before the data transfer takes place in order to guarantee a safe data flow, the obligation to perform a TIA refers to all third-country data transfers, even though they may not be based on SCCs, but on Binding Corporate Rules (BCRs) or an adequacy decision.

Usually a Transfer Impact Assessment comes in a written questionnaire. Typically it is comprised of the following steps:

Transfer Impact Assessment - A legal service by KINAST

Do you need an External Data Protection Officer?

Five steps to compliance:

Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.

We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.

Document the current data protection status and define further required actions if necessary.

We carry out all necessary measures identified during the data protection audit.

Designation as External data protection officer and on-going consultation starting from day 1.

Transfer Impact Assessment: Good to know

Generally, the GDPR does not indicate which factors must be held in account when concluding a Transfer Impact Assessment: An example could be whether, in the target country, there are laws in place alllowing government agencies to access the transferred data. Furthermore, as mentioned above, the TIA is usually built as a questionnaire and needs to be conducted for every processing activity.

Though the GDPR does not indicate the written form as mandatory, it is strongly recommended to have it in writing: Our professionals can assist you in this matter with their experience.

How do we guarantee your data protection compliance in your international company or corporation?

If you require full service data protection, we can also act as your External Data Protection Officer. To guarantee a timely and cost effective execution of all necessary data protection measurements, we’ve developed our own concept based on a three-point plan:

As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.

In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.

Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.

Reasons to choose KINAST for your Transfer Impact Assessment

The completion of a Transfer Impact Assessment is a higly precise process requiring a thorough knowledge of the legal framework governing personal data. You can expect support from our highly qualified and experienced lawyers and data protection specialists along every step of the way, from gathering the information regarding the specific data transfer to the evaluation and the documentation of the TIA.


We are an experienced team of lawyers with many years of experience and knowledge in data protection law, data security and as DPOs.

Practical experience

Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".

IT affinity

Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.

Cost transparency

We work on the basis of fixed hourly contingents, keeping pricing simple and managable.

Guaranteed legality

We are not only outstanding data protector officers, but also experienced lawyers.

Individual solutions

We do not work "off the peg", but offer tailor-made concepts, specifically for your business.

Efficient organisation und communication

Our soluitions lay high priority on open communication, transparent project management and defined goals.

Drafting of legal documents

We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily business.

Personality and continuity

We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.

Transfer Impact Assessment - KINAST Attorneys at Law
GDPR Transfer Impact Assessment Services
Data Protection
Transfer Impact Assessment - International Data Protection

First class guidance developing your Transfer Impact Assessment

Data protection law, especially on the international stage, can be a legal minefield. Our experienced lawyers and data protection officers are here to help. KINAST Attorneys at Law are specialised soley in data protection and we’ve been advising international groups and corporations since before GDPR laws came into effect. We guarantee that your company is in the safest, most knowledgeable hands.

So why not contact us today for a free, no obligation consultation?

Send this page to a colleague?


Frequently asked questions

You may still have questions about carrying out a GDPR compliant Transfer Impact Assessment. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.

A TIA is necessary for every transfer of personal data to a target country outside the EEA or for which no adequacy decision is in place.

A TIA is usually performed by the data controller with the support of the DPO.

A TIA has to be performed prior to the beginning of the third-country data transfer in order to evaluate the transfer and to implement additional safeguards if needed.

Ask us for a quote

Please provide our team with a few details about your company. This makes it easier for us to assign the correct expert for your needs

Let's talk

Simply leave your details here and one of our lawyers or data protection experts will get back to you as soon as possible.

Media enquiries

Simply leave your details here and one of our marketing team will get back to you soon.

Partnership enquiries

Simply leave your details here and one of our marketing team will get back to you soon.