Note-to-self: data transfert #DTIA, legitimate interest #LIA and data protection #DPIA impact assessment resources

  1. Guidance
    1. EU/EDPB
      1. EU Commission: When is a DPIA required
      2. EPDB Guidelines
    2. Balancing principle
    3. CNIL (FR)
    4. ICO (UK)
      1. ICO TRA Tools
    5. HSE (IE)
  2. Templates
    1. IAPP
    2. ICO (UK)
      1. TIA
      2. LIA
    3. GDPR Handbook
    4. OneTrust
  3. Samples & Examples
    1. Attlassian example
  4. References
    1. EDPB
      1. Data protection for SME
    2. Recommendations
      1. Guidelines, Recommendations, Best Practices
      2. Transfers

I’ve got a question from a colleague / customer, how to conduct a DTIA, data tranfer impact assessment.
And while collecting some interesting references, guidances, samples and examples, … I thought it might be interesting to share the colllection and knowledge, so you can re-use it easily next time you need to…

Not final yet, knowledge sharing work in progress, more to come… updating my memory

Guidance

EU/EDPB

EU Commission: When is a DPIA required

https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/when-data-protection-impact-assessment-dpia-required_en

EPDB Guidelines

EDPB Guidelines on Data Protection Impact Assessment (DPIA)

Balancing principle

CNIL (FR)

https://www.cnil.fr/en/closed-transfer-impact-assessment-tia-cnil-consults-you-draft-guide

More info:

ICO (UK)

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/international-data-transfer-agreement-and-guidance/transfer-risk-assessments/

ICO TRA Tools

https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/international-data-transfer-agreement-and-guidance/transfer-risk-assessments/#TRA-tool

HSE (IE)

Download of a DTIA template in editable word format:

https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fassets.hse.ie%2Fmedia%2Fdocuments%2Fhse-transfer-impact-assessment-form.docx&wdOrigin=BROWSELINK

Templates

IAPP

https://iapp.org/resources/article/transfer-impact-assessment-templates/

ICO (UK)

TIA

Download template: https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fico.org.uk%2Fmedia%2Ffor-organisations%2Fdocuments%2F4022649%2Ftransfer-risk-assessments-tool-20221117.doc&wdOrigin=BROWSELINK

LIA

https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fico.org.uk%2Fmedia%2Ffor-organisations%2Fforms%2F2258435%2Fgdpr-guidance-legitimate-interests-sample-lia-template.docx%23%3A~%3Atext%3DThis%2520legitimate%2520interests%2520assessment%2520(LIA%2Calongside%2520our%2520legitimate%2520interests%2520guidance.&wdOrigin=BROWSELINK

GDPR Handbook

https://www.gdprhandbook.eu/gdpr-templates

OneTrust

https://www.dataguidance.com/resource/transfer-impact-assessment-checklist

Click to access OT-transfer-impact-assessments-checklist-US-digital.pdf

Samples & Examples

Attlassian example

https://www.atlassian.com/legal/data-transfer-impact-assessment#intro

References

EDPB

Data protection for SME

https://www.edpb.europa.eu/sme-data-protection-guide/home_en

Recommendations

Guidelines, Recommendations, Best Practices

https://www.edpb.europa.eu/our-work-tools/general-guidance/guidelines-recommendations-best-practices_en

Transfers

Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data

https://www.edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en

Click to access edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf

Download: https://www.edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.