Transfer Impact Assessments (TIAs)
This guide explains how to use Daisy to conduct and document Transfer Impact Assessments (TIAs) as required under the GDPR, particularly following the Schrems II ruling.
What is a TIA?
A TIA is a risk assessment that organizations must perform before transferring personal data to a third country (a country outside the EEA). The goal is to ensure that the data will be protected to a standard equivalent to that of the GDPR.
When is a TIA Required?
A TIA is required whenever you rely on a transfer tool under Article 46 of the GDPR, such as Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs).
How Daisy Helps
Daisy simplifies the TIA process by:
- Automating Information Gathering: Daisy can help you gather information about the legal framework and surveillance laws of the third country.
- Providing a Structured Workflow: Daisy guides you through the necessary steps of the assessment.
- Generating the TIA Report: Daisy generates a comprehensive report that documents your assessment and its conclusions.
Steps to Conduct a TIA with Daisy
- Initiate the TIA: Start a new TIA from the compliance dashboard.
- Describe the Transfer: Provide details about the data transfer, including the data subjects, categories of data, and the purpose of the transfer.
- Select the Transfer Tool: Specify the Article 46 transfer tool you are using (e.g., SCCs).
- Assess the Third Country's Laws: Use Daisy's research capabilities to assess the legal framework of the third country.
- Identify Supplementary Measures: If necessary, identify and document any supplementary measures you will implement to protect the data.
- Generate the Report: Daisy will generate a TIA report based on your input.