CNIL Issues Guidelines for Data Transfer Impact Assessments
French data protection authority CNIL Friday published the final version of its guide on impact assessment of data transfers. The guide aims to ensure that companies ensure the same level of protection as the General Data Protection Regulation (GDPR) in their data flows.
Sign up for a free preview to unlock the rest of this article
Data transferred outside the EU affects many data processors, the authority said. The interconnection of networks has increased the number of situations where personal data is processed in whole or in part in third countries not subject to EU law, it added.
Data exporters outside the European Economic Area and importers in the country of destination must ensure they treat data in line with EU levels of protection, CNIL said. Exporters are also responsible for suspending data flows and/or terminating a contract if the importer is unable to comply with its personal data protection commitments.
Exporters relying on transfer tools such as standard contractual clauses or binding corporate rules must assess the level of protection in third countries and the need for additional safeguards. The guide can help them accomplish that, CNIL said.