Transfer Impact Assessment (TIA)

Review and evaluation of data transfers to third countries and advice on protective measures from specialised lawyers.

Compliance builds sustainable trust

Mitarbeiter der Kanzlei arbeiten zusammen am Laptop und besprechen einen aktuellen Datenschutzrechtfall

Does my company have to carry out a TIA?

If you want to transfer personal data to a third country outside the EU or EEA, you will need additional data protection safeguards such as Standard Contractual Clauses (SCC).

However, according to the Schrems II ruling of the Court of Justice of the European Union (CJEU), the conclusion of SCCs is not sufficient. Instead, you have to prove that the protection of personal data in the recipient country is de facto comparable to that in the EU.

This is where the Transfer Impact Assessment comes into play as a risk assessment for data transfers to unsafe third countries. It enables both the data exporter and the data importer to check the legality of the transfer in advance and to take appropriate protective measures.

Transfer impact assessment by experts

The CJEU has deliberately set the bar for a TIA very high. When assessing the risk, both the legal framework in the recipient country and the actual local customs must be taken into account. Therefore, a TIA can only be carried out by experts with appropriate legal, local knowledge and linguistic skills.

As part of our advice on data transfer to third countries, we offer the following services, among others:

  • Review of the concluded standard contractual clauses with subsequent review report
  • Review of the specific circumstances of the transfer with a subsequent assessment of the level of protection in third countries (risk assessment)
  • Review and assessment of the laws and practices of the third country of destination based on prepared questionnaires for third country service providers.
  • Advice on effective additional measures within the data transfer process
  • Preparation of an individual opinion including risk analysis of the present data transfer in accordance with the requirements of the EDPB and clause 14 of the SCCs.
  • Depending on the sensitivity of the processing, we can additionally carry out a subsequent data protection impact assessment (DPIA)
Zwei Mitarbeiter von activeMind besprechen einen aktuellen Fall

Four good reasons why you should rely on the experts at when it comes to a TIA

Comprehensive expertise

Our lawyers have the necessary expertise in the area of international data transfer and many years of professional experience in data protection law.

Practical implementation

We know how, if necessary, additional measures, especially technical measures, can be implemented in order to also be able to implement the requirements of the EDPB with regard to data transfer to third countries.

Experience with authorities

We know from many years of experience what the data protection supervisory authorities of the various countries attach importance to during inspections.

International orientation

Our network has experts in the EU, the UK and Switzerland. This allows us to advise and assist globally on the basis of the latest case law.

Non-binding request

In order for us to understand your request in the best possible way, please provide us with some information about the planned data transfer or TIA in advance.

One of our employees will get back to you within two working days with a proposed appointment for an initial phone call.

Our experts are all legal professionals and as such where they are not mandated by statute to maintain confidentiality they are bound by be the ethics of their profession and will naturally treat all correspondence and information confidentially.

Contact us!

Secure the knowledge of our experts!

Subscribe to our free newsletter: