France: Closed consultation on Draft Guide on Transfer Impact Assessments

On 12 February 2024, the public consultation on the Commission nationale de l'informatique et des libertés (CNIL) draft guide on transfer impact assessments (TIA), closed. The Guide, serving as a methodology and checklist, outlines the necessary elements for conducting a TIA. The TIA is required by data exporters from the European Economic Area (EEA) transferring data to a third country under Article 46 of the GDPR. It aligns with the six steps recommended by the European Data Protection Board (EDPB) and references relevant documentation. The Guide explains the purpose and scope of the TIA and sets out six steps to follow in carrying out a TIA: knowing the transfer, documenting the transfer tool, evaluating legislation and effectiveness of protection in the target country, identifying and adopting supplementary measures, implementing supplementary measures, and regular re-evaluations.