On 8 January 2024, the Commission nationale de l'informatique et des libertés (CNIL) opened a consultation on their draft Guide on Transfer Impact Assessments (TIA) which lasts until 12 February 2023. The Guide, serving as a methodology and checklist, outlines the necessary elements for conducting a TIA. The TIA is required by data exporters from the European Economic Area (EEA) transferring data to a third country under Article 46 of the GDPR. It aligns with the six steps recommended by the European Data Protection Board (EDPB) and references relevant documentation. The Guide explains the purpose and scope of the TIA and sets out six steps to follow in carrying out a TIA: knowing the transfer, documenting the transfer tool, evaluating legislation and effectiveness of protection in the target country, identifying and adopting supplementary measures, implementing supplementary measures, and regular re-evaluations.
Original source