France: National Commission on Informatics and Liberty adopted final guide on transfer impact assessments

On 31 January 2025, the National Commission on Informatics and Liberty (CNIL) adopted the final version of its guide on Transfer Impact Assessments (TIA) for cross-border data transfers. This guide aims to assist organisations in ensuring that personal data transferred outside the European Economic Area (EEA) maintains a level of protection equivalent to that provided by the General Data Protection Regulation (GDPR). The guide delineates a methodology for conducting TIAs, in accordance with the European Data Protection Board's recommendations, and comprises a 6-step manual, encompassing the identification of transfer tools, the evaluation of third-country legislation, and the implementation of supplementary measures where necessary.