Data Protection Consultation at KINAST
Transfer Impact Assessment
A Transfer Impact Assessment (TIA) is an analysis performed by a data controller or by a data processor of the security implications of a personal data transfer to countries outside the EU/EEA, or that benefit from an adequacy decision.
- Full Service
- Individual, efficient solutions
- Transparent Pricing Structure
- International legalilty guaranteed
- There when you need us
Why carry out a Transfer Impact Assessment?
Usually a Transfer Impact Assessment comes in a written questionnaire. Typically it is comprised of the following steps:
- Description of the intended transfer
- Definition of a TIA parameters
- Description of the safeguards that have been implemented
- Risk assessment of unlawful access to transferred personal data
- Conclusion on whether the transfer is considered at an acceptable level of risk
Do you need an External Data Protection Officer?
Five steps to compliance:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
Document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External data protection officer and on-going consultation starting from day 1.
Transfer Impact Assessment: Good to know
Generally, the GDPR does not indicate which factors must be held in account when concluding a Transfer Impact Assessment: An example could be whether, in the target country, there are laws in place alllowing government agencies to access the transferred data. Furthermore, as mentioned above, the TIA is usually built as a questionnaire and needs to be conducted for every processing activity.
Though the GDPR does not indicate the written form as mandatory, it is strongly recommended to have it in writing: Our professionals can assist you in this matter with their experience.
How do we guarantee your data protection compliance in your international company or corporation?
If you require full service data protection, we can also act as your External Data Protection Officer. To guarantee a timely and cost effective execution of all necessary data protection measurements, we’ve developed our own concept based on a three-point plan:
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In a next step, we implement any measures which we identified within the framework of the risk assessment. Whereby great importance is attached to binding your internal resources as little as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. Therefore, we ensure an ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Reasons to choose KINAST for your Transfer Impact Assessment
The completion of a Transfer Impact Assessment is a higly precise process requiring a thorough knowledge of the legal framework governing personal data. You can expect support from our highly qualified and experienced lawyers and data protection specialists along every step of the way, from gathering the information regarding the specific data transfer to the evaluation and the documentation of the TIA.
Expertise
We are an experienced team of lawyers with many years of experience and knowledge in data protection law, data security and as DPOs.
Practical experience
Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".
IT affinity
Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.
Cost transparency
We work on the basis of fixed hourly contingents, keeping pricing simple and managable.
Guaranteed legality
We are not only outstanding data protector officers, but also experienced lawyers.
Individual solutions
We do not work "off the peg", but offer tailor-made concepts, specifically for your business.
Efficient organisation und communication
Our soluitions lay high priority on open communication, transparent project management and defined goals.
Drafting of legal documents
We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily business.
Personality and continuity
We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.
First class guidance developing your Transfer Impact Assessment
Data protection law, especially on the international stage, can be a legal minefield. Our experienced lawyers and data protection officers are here to help. KINAST Attorneys at Law are specialised soley in data protection and we’ve been advising international groups and corporations since before GDPR laws came into effect. We guarantee that your company is in the safest, most knowledgeable hands.
So why not contact us today for a free, no obligation consultation?
Send this page to a colleague?
Frequently asked questions
You may still have questions about carrying out a GDPR compliant Transfer Impact Assessment. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.
A TIA is necessary for every transfer of personal data to a target country outside the EEA or for which no adequacy decision is in place.
A TIA is usually performed by the data controller with the support of the DPO.
A TIA has to be performed prior to the beginning of the third-country data transfer in order to evaluate the transfer and to implement additional safeguards if needed.