2B Advice
TEL: +1 (858) 366-9750
2B Advice

Data Transfer Impact Assessment

DTIA Services by 2B Advice

The Schrems II ruling by the Court of Justice of the European Union (CJEU) invalidated the Privacy Shield which had been a self-certification privacy compliance regime established to govern EU – U.S.

Companies who transfer data across borders must find other legal bases for their data transfer which include putting Standard Contractual Clauses (SCC) in place to be in compliance with the General Data Protection Regulation (GDPR). This applies to any third country data transfer.

Learn More About Data Transfer Impact Assessment

See how we can help your company with a Data Transfer Impact Assessment today. 

Euro Prise Privacy Seal


EuroPriSe Certified & Accredited
Legal & Technical Experts

SINCE 2003

We are one of the providers with the longest experience in the market.


Our data protection expertise is transnational and we work internationally.

The Challenges with DTIA

According to the GDPR (Art. 44 – 50), contractual clauses ensuring appropriate data protection safeguards can be used as grounds for data transfers from the EU to third countries.

This includes a new form of standard contractual clauses (SCCs) – that have been “pre-approved” by the European Commission and must be in place by December 2022.

DTIA Objectives

Oftentimes, the “pre-approved” SCCs are not sufficient for your particular business. In these cases, the controller is under a due diligence obligation to assess if the guarantees of the SCC are actually upheld in the country of destination. The data transfer should be assessed on a case-by-case basis by method of a Data Transfer Impact Assessment (DTIA).

CMIA Solutions for Companies

A Data Transfer Impact Assessment (DTIA) is much like a Data Protection Impact Assessment (DPIA). The 2B Advice team performs an audit and prepares the following.

  • Make recommendations to reduce/minimize risks for such transfers via i.e. SCCs and registers of processing activities (ROPAs) and specific technical and operational measures (TOMs) for organizations seeking to uphold their data transfer to third countries, i.e. to implement an enterprise class SaaS cloud-based solution (ERP, CRM, etc.) with hosting in the United States and a subsidiary in the EU
  • Advise on the legal requirements for the use of standard contractual clauses (SCC)
  • Implement SCC in such a way as to fulfill minimum requirements set out by the Court of Justice (C-311/18)
  • Provide guidance on risk assessment of data transfer to third countries and hosting data on a single cloud instance
  • Help draft additional protective measures in accordance with the CJEU decision C-311/18
  • Determine trigger criteria for the suspension of data transmission
  • As necessary provide guidance for notification to the data protection supervisory authority.
  • Drafting annex to SCC agreement specifying “additional guarantees”
  • Advise and help create measures to continue using SCCs
    o Help to determine relevant data transfers and data types concerned
  • Conduct ad-hoc risk assessments on data transfers
  • As necessary, help devise additional guarantees
  • Determine strategy for response/prevention

CMIA Benefits for Companies

The benefit of performing a DTIA on third country data transfer is more than the ability to continue to transfer data between countries.

Performing a DTIA permits companies to be able to make an informed decision on where to run a higher or lower number of business operations. Understanding the possible risks that the transfer of data to a specific location entail allows the ability to plan investments more accurately and securely.

Privacy Risk Assessments from 2B Advice

Understanding your areas of privacy risk is a complex journey and 2B Advice Privacy experts are here to help you. Often it is helpful to start with a Privacy Impact Assessment to get an overall idea of your areas of risk; or if cross-border data transfer is a key requirement, you might begin understanding your areas of risk with a Data Transfer Impact Assessment.

If digital transformation a key initiative, then you could start with a Cloud Migration Impact Assessment. Our risk assessments may be run as a single activity, in parallel, or in sequence as you progress on your privacy compliance journey.

Questions? Contact Us Today! SEND MESSAGE or call +1 (858) 366 9750

2B Advice is ISO/IEC 27001:2013 Certified

IAPP Gold Member

2B Advice is an IAPP corporate Gold member

Gold Microsoft Partner

2B Advice is a Microsoft Gold-Certified Partner

Our Clients (Selection)

our Clients

Our Data Privacy Service Portfolio

Privacy Impact Assessment

2B Advice offers privacy compliance software and services that help with Privacy Impact Assessments including risk assessment tools, catalogs, and more.

Data Protection Impact Assessment

According to GDPR, processing of personal data has to an elaborate assessment of the impact prior to the processing. Learn how we can help.

Cloud Migration Impact Assessment

Our team of experts will advise your legal requirements you need to be aware of in terms of privacy regulations and data privacy compliance.

Data Transfer Impact Assessment

Companies who transfer data across borders must find other legal bases for their data transfer which include putting SCC in place according to GDPR.

Regional GDPR Gap Analysis

The Regional GDPR Gap is an initial assessment to identify organizational gaps in your privacy organization based on the current state of your privacy program.

Standard Contractual Clauses

According to the GDPR, SCCs ensure appropriate data protection safeguards as grounds for data transfers from the EU to third countries.



2B Advice LLC
7220 Avenida Encinas #208
Carlsbad, California, USA

Tel: +1 (858) 366 9750