Data Transfer Methodology
DLA Piper Global Data Transfer Methodology

The global Data Protection, Privacy & Security team at DLA Piper have designed a standardised data transfer methodology to help data exporters and importers logically assess the safeguards available when transferring personal data to particular third countries and whether they are adequate. The methodology includes a five step assessment process, comprising a proprietary scoring matrix and weighted assessment criteria to help manage effective decision making. It is fully aligned to latest requirements of EU data protection law following the CJEU ruling in Schrems II. The model takes into account key relevant factors including:

  • the regulatory regime in the countries where the data exporter and importer are respectively based;
  • the nature of, and purposes for which, the data that are being transferred;
  • the extent to which the laws in the destination country provide appropriate protection to data subjects, taking account of:
  • the safeguards offered by local data privacy laws;
  • the risks posed by wider laws authorising public authorities to access or conduct surveillance on private information for national security or other reasons – recognising laws in some of these areas are likely to be apply to specific sectors only;
  • the ease of access to judicial process to protect personal rights;
  • the role of local regulators and supervisory authorities in protecting data;
  • the ability of individuals to raise complaints, appeal and enforce decisions;
  • the impact of relevant international treaties and related commitments;
  • any additional safeguards applied to the proposed transfer arrangements – whether due to additional contractual clauses, industry specific protections, or specific technical and organizational controls;
  • the residual risk to a data subject.

The assessment is designed to provide an auditable report to support decision making as to whether, on a case by case basis, sufficient safeguards are in place to be able to proceed with a transfer. The DLA Piper team will regularly review and, where appropriate, enhance the assessment model to ensure it reflects latest regulatory guidance.

For further information please contact Jennie Nilsson, head of DLA Piper´s Swedish data privacy practice.