The French data protection authority, CNIL, released a Data Transfer Impact Assessment (DTIA) guide.

The French data protection authority, CNIL, released a Data Transfer Impact Assessment (DTIA) guide to aid organizations in transferring personal data outside the European Economic Area (EEA) in compliance with GDPR. The guide outlines the process for conducting a DTIA when using Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) and details when a DTIA is not required, such as for countries with an adequacy decision or exemptions under Article 49. It provides a five-step structure for conducting a DTIA and recommends six measures for ensuring effective data transfers, including assessing third-country laws, identifying risks, and implementing additional measures.