{"id":19661,"date":"2022-10-17T11:51:43","date_gmt":"2022-10-17T09:51:43","guid":{"rendered":"https:\/\/duthler.nl\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/"},"modified":"2024-03-28T13:47:42","modified_gmt":"2024-03-28T12:47:42","slug":"data-transfer-impact-assessment-dtia","status":"publish","type":"page","link":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/","title":{"rendered":"Data Transfer Impact Assessment (DTIA)"},"content":{"rendered":"\n<div class=\"wp-block-cover alignfull has-parallax\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-nv-light-bg-background-color has-background-dim-80 has-background-dim\"><\/span><div role=\"img\" class=\"wp-block-cover__image-background wp-image-21548 has-parallax\" style=\"background-position:50% 50%;background-image:url(https:\/\/duthler.nl\/wp-content\/uploads\/2019\/02\/Toetsen-van-de-geschiktheid-van-een-FG.jpg)\"><\/div><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div class=\"wp-block-columns has-neve-text-color-color has-text-color is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<h2 class=\"wp-block-heading has-text-align-left has-neve-text-color-color has-text-color has-large-font-size\"><strong>Want to have a Data Transfer Impact Assessment (DTIA) carried out?<\/strong><\/h2>\n\n\n\n<p>The GDPR does not apply outside the EU. However, companies in the EU sometimes need to share personal data with a company outside the EU for their business activities. That company outside the EU can take on the role of (sub) processor or process the data as a controller. This is called transfer of personal data. <\/p>\n\n\n\n<p>If personal data is shared outside the EU, the rights of data subjects may be harmed if it has not been established that the party outside the EU properly protects the personal data. The EU has assessed the legislation of several countries outside the EU as equivalent to the GDPR. It has been established for these countries that an adequate level of protection has been set up and the <a href=\"https:\/\/ec.europa.eu\/info\/law\/law-topic\/data-protection\/international-dimension-data-protection\/adequacy-decisions_en\" target=\"_blank\" rel=\"noreferrer noopener\">adequacy decision applies<\/a>. <\/p>\n\n\n\n<p>For the countries to which the adequacy decision does not apply, the European Data Protection Board (EDPB) has drawn up <a href=\"https:\/\/edpb.europa.eu\/our-work-tools\/our-documents\/recommendations\/recommendations-012020-measures-supplement-transfer_en\" target=\"_blank\" rel=\"noreferrer noopener\">recommendations<\/a> if personal data is transferred to a third country. The company will have to establish with the importing company on a case-by-case basis whether the legislation or practice of the third country compromises the adequate protection of personal data. This company can be both a controller and a processor. The controller always remains ultimately responsible and will have to verify that the processor has carried out the assessment correctly. <\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button has-custom-width wp-block-button__width-100 is-style-primary\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/duthler.nl\/en\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">Interested? Contact us!<\/a><\/div>\n<\/div>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\"><\/div>\n<\/div>\n\n\n\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div><\/div>\n\n<div class=\"wp-block-cover alignfull\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-nv-site-bg-background-color has-background-dim-100 has-background-dim\"><\/span><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left has-neve-text-color-color has-text-color has-large-font-size\"><strong>What is our approach?<\/strong><\/h2>\n\n\n\n<div class=\"wp-block-columns has-neve-text-color-color has-text-color is-layout-flex wp-container-core-columns-is-layout-9d6595d7 wp-block-columns-is-layout-flex\">\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<p>The EDPB has included a Data Transfer Impact Assessment (DTIA) in its advice, which consists of six steps. <\/p>\n\n\n\n<p>In general, the steps consist of: <\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Know what personal data you want to share with the importing company and whether the personal data is passed on by this company. <\/li>\n\n\n\n<li>Verification of the transfer instrument on which the transfer rests. The GDPR has four transfer instruments in Article 46. If an adequacy decision applies to the third country, the verification consists of establishing its validity. <\/li>\n\n\n\n<li>This step consists of checking whether there are aspects in the legislation and\/or practices in force in the third country that may prevent adequate protection. In particular, government authorities in the third country may have granted themselves certain rights to access personal data. <\/li>\n<\/ul>\n<\/div>\n\n\n\n<div class=\"wp-block-column is-layout-flow wp-block-column-is-layout-flow\">\n<ul class=\"wp-block-list\">\n<li>This is followed by the adoption and adoption of the additional measures necessary to bring the level of protection of the transmitted data up to the level of the EU standard of essential equivalence. This step is only necessary if step 3 has shown that legislation and\/or practice do not offer sufficient protection. <\/li>\n\n\n\n<li>This is where the formal procedural steps governing the adoption of the additional measures are taken, depending on the transfer instrument. In this final step, the protection level is periodically re-evaluated. <\/li>\n\n\n\n<li>In this step, steps 1 through 5 are actually gone through again. The frequency depends on the risk, the size of the data exchange and the sensitivity of the personal data. <\/li>\n<\/ul>\n<\/div>\n<\/div>\n\n\n\n<p class=\"has-neve-text-color-color has-text-color\">The steps must be demonstrably recorded and accessible to the DPO and the supervisor. <\/p>\n\n\n\n<p class=\"has-neve-text-color-color has-text-color\"><strong>How can we help you?<\/strong><\/p>\n\n\n\n<p class=\"has-neve-text-color-color has-text-color\">The steps must be demonstrably recorded and accessible to the DPO and the supervisor. Especially if it is not often needed. We can support your company in carrying out DTIAs. We guide your company through all the steps and ensure proper documentation. <\/p>\n\n\n\n<p>It is possible to organize conducting DTIAs structurally with awareness and training programs and tooling support. <\/p>\n\n\n\n<div style=\"height:50px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div><\/div>\n\n<div class=\"wp-block-cover alignfull\"><span aria-hidden=\"true\" class=\"wp-block-cover__background has-nv-light-bg-background-color has-background-dim-100 has-background-dim\"><\/span><div class=\"wp-block-cover__inner-container is-layout-flow wp-block-cover-is-layout-flow\">\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<h2 class=\"wp-block-heading has-text-align-left has-neve-text-color-color has-text-color has-large-font-size\"><strong>Do you have any questions or would you like to make an appointment? <\/strong><\/h2>\n\n\n\n<p class=\"has-neve-text-color-color has-text-color\">Do you have questions about organising, implementing or expanding the protection of personal data? Our service owner, Andr\u00e9 Biesheuvel or one of his colleagues, will be happy to discuss your specific case.<\/p>\n\n\n\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex\">\n<div class=\"wp-block-button is-style-primary\"><a class=\"wp-block-button__link wp-element-button\" href=\"https:\/\/duthler.nl\/en\/contact\/\" target=\"_blank\" rel=\"noreferrer noopener\">Contact us<\/a><\/div>\n<\/div>\n\n\n\n<div style=\"height:100px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n<\/div><\/div>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":8,"featured_media":0,"parent":17634,"menu_order":2,"comment_status":"closed","ping_status":"closed","template":"","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"on","neve_meta_content_width":100,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"on","neve_meta_reading_time":"","_themeisle_gutenberg_block_has_review":false,"footnotes":""},"class_list":["post-19661","page","type-page","status-publish","hentry"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Transfer Impact Assessment (DTIA) - Duthler Associates<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Transfer Impact Assessment (DTIA) - Duthler Associates\" \/>\n<meta property=\"og:url\" content=\"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/\" \/>\n<meta property=\"og:site_name\" content=\"Duthler Associates\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-28T12:47:42+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@Duthler_NL\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/protecting-personal-data\\\/data-transfer-impact-assessment-dtia\\\/\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/protecting-personal-data\\\/data-transfer-impact-assessment-dtia\\\/\",\"name\":\"Data Transfer Impact Assessment (DTIA) - Duthler Associates\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#website\"},\"datePublished\":\"2022-10-17T09:51:43+00:00\",\"dateModified\":\"2024-03-28T12:47:42+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/protecting-personal-data\\\/data-transfer-impact-assessment-dtia\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/protecting-personal-data\\\/data-transfer-impact-assessment-dtia\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/protecting-personal-data\\\/data-transfer-impact-assessment-dtia\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Services\",\"item\":\"https:\\\/\\\/duthler.nl\\\/en\\\/services\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Protecting personal data\",\"item\":\"https:\\\/\\\/duthler.nl\\\/en\\\/diensten\\\/beschermen-van-persoonsgegevens\\\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Data Transfer Impact Assessment (DTIA)\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\",\"name\":\"Duthler Associates\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/duthler.nl\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#organization\",\"name\":\"Duthler Associates\",\"url\":\"https:\\\/\\\/duthler.nl\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/0.png\",\"contentUrl\":\"https:\\\/\\\/duthler.nl\\\/wp-content\\\/uploads\\\/2019\\\/06\\\/0.png\",\"width\":400,\"height\":400,\"caption\":\"Duthler Associates\"},\"image\":{\"@id\":\"https:\\\/\\\/duthler.nl\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/Duthler_NL\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/duthler-associates\",\"https:\\\/\\\/www.youtube.com\\\/user\\\/duthlerassociates\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Transfer Impact Assessment (DTIA) - Duthler Associates","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/","og_locale":"en_US","og_type":"article","og_title":"Data Transfer Impact Assessment (DTIA) - Duthler Associates","og_url":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/","og_site_name":"Duthler Associates","article_modified_time":"2024-03-28T12:47:42+00:00","twitter_card":"summary_large_image","twitter_site":"@Duthler_NL","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/","url":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/","name":"Data Transfer Impact Assessment (DTIA) - Duthler Associates","isPartOf":{"@id":"https:\/\/duthler.nl\/en\/#website"},"datePublished":"2022-10-17T09:51:43+00:00","dateModified":"2024-03-28T12:47:42+00:00","breadcrumb":{"@id":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/duthler.nl\/en\/services\/protecting-personal-data\/data-transfer-impact-assessment-dtia\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/duthler.nl\/en\/"},{"@type":"ListItem","position":2,"name":"Services","item":"https:\/\/duthler.nl\/en\/services\/"},{"@type":"ListItem","position":3,"name":"Protecting personal data","item":"https:\/\/duthler.nl\/en\/diensten\/beschermen-van-persoonsgegevens\/"},{"@type":"ListItem","position":4,"name":"Data Transfer Impact Assessment (DTIA)"}]},{"@type":"WebSite","@id":"https:\/\/duthler.nl\/en\/#website","url":"https:\/\/duthler.nl\/en\/","name":"Duthler Associates","description":"","publisher":{"@id":"https:\/\/duthler.nl\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/duthler.nl\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/duthler.nl\/en\/#organization","name":"Duthler Associates","url":"https:\/\/duthler.nl\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/duthler.nl\/en\/#\/schema\/logo\/image\/","url":"https:\/\/duthler.nl\/wp-content\/uploads\/2019\/06\/0.png","contentUrl":"https:\/\/duthler.nl\/wp-content\/uploads\/2019\/06\/0.png","width":400,"height":400,"caption":"Duthler Associates"},"image":{"@id":"https:\/\/duthler.nl\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/Duthler_NL","https:\/\/www.linkedin.com\/company\/duthler-associates","https:\/\/www.youtube.com\/user\/duthlerassociates"]}]}},"_links":{"self":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/pages\/19661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/comments?post=19661"}],"version-history":[{"count":0,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/pages\/19661\/revisions"}],"up":[{"embeddable":true,"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/pages\/17634"}],"wp:attachment":[{"href":"https:\/\/duthler.nl\/en\/wp-json\/wp\/v2\/media?parent=19661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}