This guide constitutes a methodology, a checklist, which identifies various elements to be considered when carrying out a TIA. It gives indications on how the analysis can be carried out by following the six steps set out in EDPB’s recommendations, and points to the relevant documentation. It does not constitute an evaluation of the laws and practices in the third country and risks related thereto.
The use of this guide is not obligatory. Other elements can be considered and other methodologies can be applied.
This guide is organised in six different steps to be followed to carry out a TIA:
- Know your transfer
- Document the transfer tool used
- Evaluate the legislation and practices in the country of destination of the data and the effectiveness of the transfer tool
- Identify and adopt supplementary measures
- Implement the supplementary measures and the necessary procedural steps
- Re-evaluate at appropriate interval the level of data protection and monitor potential developments that may affect it
