transfer-impact-assessment
Installation
SKILL.md
Conducting Transfer Impact Assessment
Overview
Following the Court of Justice of the European Union's judgment in Schrems II (Case C-311/18, 16 July 2020), organisations relying on Standard Contractual Clauses (SCCs) or other Art. 46 GDPR transfer mechanisms must conduct a Transfer Impact Assessment (TIA) to evaluate whether the legal framework of the destination country provides an essentially equivalent level of protection for personal data. The EDPB adopted Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data (Version 2.0, adopted 18 June 2021), establishing a six-step methodology for this assessment.
EDPB Six-Step Methodology
Step 1: Know Your Transfers
Map all personal data transfers to third countries, identifying:
| Element | Required Information |
|---|---|
| Transfer identification | Unique reference for each transfer or set of transfers |
| Data exporter | Legal entity name, establishment, role (controller/processor) |
| Data importer | Legal entity name, establishment, role (controller/processor) |
| Transfer mechanism | SCCs (specifying module), BCRs, Art. 49 derogation |
| Data categories | Personal data types transferred, including any special categories |
Related skills