The obligation to conduct a TIA arises from the Schrems II ruling and clause 14 of the Standard Contractual Clausel (SCC). The TIA comprises an independent analysis of the security level of a third country to which data is to be transferred. It is a mandatory form of risk assessment for data transfers to “unsafe” third countries.
An “unsafe” third country in terms of data protection is a country outside the EU that does not offer an adequate level of data protection. Where the European Commission will not provide an adequacy decision to a third country, other appropriate safeguards must be provided when transferring data to such a third country e.g. standard contractual clauses (SCC).
NT-ware’s subsidiaries in the USA and Singapore have implemented SCC and conducted a TIA.
For more information, please contact privacy@nt-ware.com