Transfer Impact Assessment Templates
These templates are provided to assist privacy professionals in conducting TIAs.
Published: 1 Sept. 2021
Templates
- Cloud Computing: Risk Assessment of Lawful Access By Foreign Authorities (XLSX)
- EU SCC Transfer Impact Assessment (XLSX)
These templates were published to assist privacy professionals in conducting TIAs. The IAPP does not endorse any specific template. We welcome additional templates that can be shared with the privacy community. Please reach out to us at research@iapp.org.
Following the decision of the Court of Justice of the European Union in the Case C-311/18: Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, organizations around the world have begun conducting transfer impact assessments. These TIAs typically consider the sufficiency of foreign protections on a case-by-case basis when data is transferred using standard contractual clauses, binding corporate rules or other EU-approved data transfer mechanisms. Given the global impact of the ruling and breadth of sectors affected, there are many different ways to approach such assessments in line with EU guidance.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Transfer Impact Assessment Templates
These templates are provided to assist privacy professionals in conducting TIAs.
Published: 1 Sept. 2021
Templates
- Cloud Computing: Risk Assessment of Lawful Access By Foreign Authorities (XLSX)
- EU SCC Transfer Impact Assessment (XLSX)
These templates were published to assist privacy professionals in conducting TIAs. The IAPP does not endorse any specific template. We welcome additional templates that can be shared with the privacy community. Please reach out to us at research@iapp.org.
Following the decision of the Court of Justice of the European Union in the Case C-311/18: Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, organizations around the world have begun conducting transfer impact assessments. These TIAs typically consider the sufficiency of foreign protections on a case-by-case basis when data is transferred using standard contractual clauses, binding corporate rules or other EU-approved data transfer mechanisms. Given the global impact of the ruling and breadth of sectors affected, there are many different ways to approach such assessments in line with EU guidance.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
Related resources
Global AI Governance Law and Policy: Jurisdiction Overviews
US State Privacy Legislation Tracker
Organizational Digital Governance Report 2025
US State Comprehensive Privacy Laws Report
