Guidance EU/EDPB EU Commission: When is a DPIA required EPDB Guidelines Balancing principle CNIL (FR) ICO (UK) ICO TRA Tools HSE (IE) Templates IAPP ICO (UK) TIA LIA GDPR Handbook OneTrust Samples & Examples Attlassian example References EDPB Data protection for SME Recommendations Guidelines, Recommendations, Best Practices Transfers
I’ve got a question from a colleague / customer, how to conduct a DTIA, data tranfer impact assessment. And while collecting some interesting references, guidances, samples and examples, … I thought it might be interesting to share the colllection and knowledge, so you can re-use it easily next time you need to…
Not final yet, knowledge sharing work in progress, more to come… updating my memory
Guidance
EU/EDPB
EU Commission: When is a DPIA required
https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations/obligations/when-data-protection-impact-assessment-dpia-required_en
EPDB Guidelines
EDPB Guidelines on Data Protection Impact Assessment (DPIA)
Balancing principle
CNIL (FR)
https://www.cnil.fr/en/closed-transfer-impact-assessment-tia-cnil-consults-you-draft-guide
More info:
ICO (UK)
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/international-data-transfer-agreement-and-guidance/transfer-risk-assessments/
https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/international-data-transfer-agreement-and-guidance/transfer-risk-assessments/#TRA-tool
HSE (IE)
Download of a DTIA template in editable word format:
https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fassets.hse.ie%2Fmedia%2Fdocuments%2Fhse-transfer-impact-assessment-form.docx&wdOrigin=BROWSELINK
Templates
IAPP
https://iapp.org/resources/article/transfer-impact-assessment-templates/
ICO (UK)
TIA
Download template: https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fico.org.uk%2Fmedia%2Ffor-organisations%2Fdocuments%2F4022649%2Ftransfer-risk-assessments-tool-20221117.doc&wdOrigin=BROWSELINK
LIA
https://view.officeapps.live.com/op/view.aspx?src=https%3A%2F%2Fico.org.uk%2Fmedia%2Ffor-organisations%2Fforms%2F2258435%2Fgdpr-guidance-legitimate-interests-sample-lia-template.docx%23%3A~%3Atext%3DThis%2520legitimate%2520interests%2520assessment%2520(LIA%2Calongside%2520our%2520legitimate%2520interests%2520guidance.&wdOrigin=BROWSELINK
GDPR Handbook
https://www.gdprhandbook.eu/gdpr-templates
OneTrust
https://www.dataguidance.com/resource/transfer-impact-assessment-checklist
Samples & Examples
Attlassian example
https://www.atlassian.com/legal/data-transfer-impact-assessment#intro
References
EDPB
Data protection for SME
https://www.edpb.europa.eu/sme-data-protection-guide/home_en
Recommendations
Guidelines, Recommendations, Best Practices
https://www.edpb.europa.eu/our-work-tools/general-guidance/guidelines-recommendations-best-practices_en
Transfers
Recommendations 01/2020 on measures that supplement transfer tools to ensure compliance with the EU level of protection of personal data
https://www.edpb.europa.eu/our-work-tools/our-documents/recommendations/recommendations-012020-measures-supplement-transfer_en
Download: https://www.edpb.europa.eu/system/files/2021-06/edpb_recommendations_202001vo.2.0_supplementarymeasurestransferstools_en.pdf