Transfer impact assessment—personal data

The following Risk & Compliance precedent provides comprehensive and up to date legal information covering:

  • Transfer impact assessment—personal data

Transfer impact assessment—personal data

    1. 1

      Background information

      Status of data transfer☐ Proposed
      ☐ Existing
      Person(s) conducting assessment[Insert name]
      Date of assessment[Insert date]
    1. 2

      Parties to the data transfer

      Who is the data exporter?[State which organisation is the data exporter, which could be an entity within a group structure]
      Who is the data being transferred to (data recipient)?[State who will receive the data]
      What is the status of the data recipient in relation to the proposed transfer?☐ Controller
      ☐ Processor
      What type of organisation is the data recipient?☐ Public sector organisation
      ☐ Private sector organisation
      ☐ Other [provide further information]
      Will the recipient share the data with any other parties, eg sub-processors?☐ Yes
      ☐ No
      If yes, you will need to complete an assessment for to all parties to the transfer
    1. 3

      Details of proposed or actual transfer

      For what purpose is the data being transferred and processed?[Insert, eg marketing, HR, storage, IT support, clinical trials—include a description of the proposed processing]
      What data or classes of data will be transferred?[Insert]
      Does this include special category personal data?☐ Yes—[state what type of special category personal data will be transferred]
      ☐ No
      What volume of personal data will be transferred?[Insert]
      Who are the data subjects or classes of data subject?[Insert]
      Does this include any children or vulnerable data subjects?☐ Yes
      ☐ No
      In which sector will the transfer take place?[Insert, eg adtech, telecommunications, financial]
      Will the data be stored in the recipient country or is

Popular documents