Add a bookmark to get started

Global data transfers are a daily occurrence for many businesses.

This creates an increased reliance on international supply chains and intra-group data sharing, with many cloud vendors based in the US and other third countries

Following the Schrems II judgement of Europe’s highest court, businesses transferring personal data from Europe or the UK to a third country must first carry out a transfer impact assessment (TIA), on a case-by-case basis, of the level of protection provided in that third country. Meeting the requirements of Schrems II is a challenge even for the most sophisticated and well-resourced organisations.

Transfer has been developed to streamline the process of carrying out TIAs, providing a clear step-by-step methodology by which data exporters and importers may logically and consistently assess problematic laws and practices in “third countries”, the level of safeguards in place and the severity and likelihood of harm as a result of public authority access when transferring personal data.

Key features of Transfer:
  • standardised methodology with a scoring matrix and weighted assessment criteria to drive consistent decision making
  • extensive library of comparative assessments of third country laws and practices – currently over 60 jurisdictions covered
  • user-friendly interface making it quick and easy to complete an assessment and record the outcome
  • modular approach - providing the flexibility to deploy Transfer as an ‘off the shelf’ tool, to help with individual country analysis, or created a tailored TIA solution to existing compliance controls
  • update service - keeping content up to date based on active monitoring of legal and regulatory change around the world

 

Useful resources
Judgment of the Court of Justice of the European Union in DPC v Facebook Ireland, Maximillian Schrems (Case C 311/18)

EDPB Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

DLA Piper Privacy Matters blog