DTIA Services by 2B Advice
The Schrems II ruling by the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield which had been a self-certification privacy compliance regime established to govern EU – U.S.
Companies that transfer data across borders must find other legal bases for their data transfers, which include putting Standard Contractual Clauses (SCCs) in place to comply with the General Data Protection Regulation (GDPR). This applies to any third-country data transfer.
Learn More About Data Transfer Impact Assessment
See how we can help your company with a Data Transfer Impact Assessment today.
EuroPriSe Certified & Accredited
Legal & Technical Experts
We are one of the providers with the longest experience in the market.
Our data protection expertise is transnational and we work internationally.
The Challenges with DTIA
According to the GDPR (Art. 44 – 50), contractual clauses ensuring appropriate data protection safeguards can be used as grounds for data transfers from the EU to third countries.
This includes a new form of standard contractual clauses (SCCs) that have been “pre-approved” by the European Commission and must be in place by December 2022.
Oftentimes, the “pre-approved” SCCs are not sufficient for your particular business. In these cases, the controller is under a due diligence obligation to assess whether the guarantees of the SCCs are actually upheld in the country of destination. The data transfer should be assessed on a case-by-case basis by means of a Data Transfer Impact Assessment (DTIA).
CMIA Solutions for Companies
A Data Transfer Impact Assessment (DTIA) is much like a Data Protection Impact Assessment (DPIA). The 2B Advice team performs an audit and prepares the following.
- Make recommendations to reduce or minimize the risks of such transfers, e.g. via SCCs, registers of processing activities (ROPAs) and specific technical and operational measures (TOMs), for organizations seeking to uphold their data transfers to third countries, e.g. to implement an enterprise-class, cloud-based SaaS solution (ERP, CRM, etc.) with hosting in the United States and a subsidiary in the EU
- Advise on the legal requirements for the use of standard contractual clauses (SCC)
- Implement SCC in such a way as to fulfill minimum requirements set out by the Court of Justice (C-311/18)
- Provide guidance on risk assessment of data transfer to third countries and hosting data on a single cloud instance
- Help draft additional protective measures in accordance with the CJEU decision C-311/18
- Determine trigger criteria for the suspension of data transmission
- As necessary, provide guidance for notification to the data protection supervisory authority
- Draft an annex to the SCC agreement specifying “additional guarantees”
- Advise and help create measures to continue using SCCs
  - Help to determine relevant data transfers and data types concerned
- Conduct ad-hoc risk assessments on data transfers
- As necessary, help devise additional guarantees
- Determine strategy for response/prevention
CMIA Benefits for Companies
The benefit of performing a DTIA on third country data transfer is more than the ability to continue to transfer data between countries.
Performing a DTIA allows companies to make an informed decision on where to run a higher or lower number of business operations. Understanding the possible risks that the transfer of data to a specific location entails allows them to plan investments more accurately and securely.
Privacy Risk Assessments from 2B Advice
Understanding your areas of privacy risk is a complex journey and 2B Advice Privacy experts are here to help you. Often it is helpful to start with a Privacy Impact Assessment to get an overall idea of your areas of risk; or if cross-border data transfer is a key requirement, you might begin understanding your areas of risk with a Data Transfer Impact Assessment.
If digital transformation is a key initiative, then you could start with a Cloud Migration Impact Assessment. Our risk assessments may be run as a single activity, in parallel, or in sequence as you progress on your privacy compliance journey.
2B Advice is ISO/IEC 27001:2013 Certified
2B Advice is an IAPP corporate Gold member
2B Advice is a Microsoft Gold-Certified Partner