EU–US GDPR Data Transfer Assessment and Action Plan

Published on Tuesday, July 28, 2020 - 16:18 by Camilla Winlo

EU–US GDPR Data Transfer Assessment and Action Plan 

Following the Schrems II ruling by the European Court of Justice in July 2020, any organisation transferring data from the EU to the US needs to take steps to ensure they remain compliant with the GDPR. 

  • Does your organisation or its suppliers use services built by US-owned companies such as Microsoft, Salesforce or Facebook?
  • Does your organisation or its suppliers transfer data between the EU and the US?
  • Do you need help to make sure your data transfers are lawful?

Our EU-US Data Transfer Assessment and Action Plan will help you remain compliant with the GDPR when transferring personal data outside of the European Union, and enable you to establish your level of compliance related to the location and lawfulness of your data processing. We will work with you to produce a practical, step-by-step action plan that will set out all the options your organsiation has for its EU-US data transfers.

Get in touch with one of our expert consultants to find out how we can help your organisation navigate Schrems II and your US-EU data processing activities. 

What our EU-US Data Transfer Assessment and Action Plan includes:

  • Our consultants will conduct a detailed review of your records of processing, process maps and data flow maps to identify the processes that will need to be addressed.
  • A set of questionnaires will also be sent to your suppliers in order to review their data processing arrangements.
  • Your suppliers' responses will be reviewed and assessed.
  • We will undertake a gap analysis to identify any missing information.
  • Our expert team will review your suppliers’ privacy notices and other supporting information.

What you can expect from us:

  • A clear, actionable report on the key findings and recommendations for EU–US data transfers. This will be presented during a one-hour meeting (this can be face-to-face or virtual).
  • Clear information about remaining GDPR compliant in relation to EU–US data transfers.
  • A practical action plan that outlines all the steps your organisation will need to take. 
  • We also offer optional support to help your organisation implement its action plan.

Why use us? 

We are an award-winning data privacy consultancy and one of the longest-established specialist data protection consultancies in the UK.

Our clients range from multinational corporations to small family-run businesses.

We can draw on expert help from across GRC International Group, including hands-on implementation delivery, training, information security services, data protection legal and compliance assistance, and data protection software.


Due to the need to receive questionnaire responses from suppliers, please allow three weeks for this service to be completed.

Interested? Get in touch with one of our expert consultants to discuss your organisation's needs today, or call our team on +44 [0]1494 442900. 

Find out more?

Leave your contact details below and one of our expert team will be in touch

We will only use the contact details you supply on the basis of our legitimate interest to respond to your query and contact you about DQM GRC. You will always be given the opportunity to opt-out from future communications. Please read our privacy policy for more details.


Find out more..

If you are interested in any of our services then please either use the contact form or contact us via of the methods below:

  •   Telephone
  •   E-mail

  •   +44 (0)1494 442900