The DQM GRC Data Transfer Risk Assessment helps organisations navigate the complexities of international data transfers in compliance with the UK GDPR (General Data Protection Regulation) and the guidance provided by the ICO (Information Commissioner’s Office).

Our expert consultants specialise in evaluating and assessing your organisation’s international data transfer practices. We closely follow the ICO’s guidance, ensuring that our assessments align with the latest requirements and best practices. We thoroughly examine your data transfer mechanisms, such as SCCs (standard contractual clauses), BCRs (binding corporate rules) and other appropriate safeguards, to ensure compliance with UK GDPR obligations. This service is crucial for organisations currently relying on old EU SCCs entered into before 21 September 2022 because after 21 March 2024, these will no longer be an appropriate mechanism to make a restricted transfer. We can help you by reviewing such arrangements and advising you on the right alternative for your organisation.

With our Data Transfer Risk Assessment, we can provide:

  • A comprehensive evaluation of your current data transfer processes, including mapping your data flows, to identify risks or gaps;
  • Support in developing practical strategies and recommendations for data transfers, tailored to your circumstances;
  • Guidance on selecting the most suitable transfer mechanisms;
  • Advice on the technical and organisational measures you can deploy to protect the personal data you transfer;
  • Help to establish robust documentation and governance frameworks to demonstrate accountability;
  • Assistance with understanding which supervisory authorities you may need to deal with, and whether you will need an EU representative; and
  • Help to establish processes to ensure future data transfers are assessed to the same level.

What to expect

Your consultant will work with you to schedule interviews with key individuals such as the Head of IT, Privacy Manager, Project Manager and Head of Operations, and review any existing documents, policies or processes involving international data transfers.

These interviews will help your consultant establish whether your organisation is aware of the tasks required and, if so, whether it is on track to complete them.

The consultant will then produce a report showing clearly what actions are not started, started but at risk, and on track or completed. This will help you identify and fill any gaps in your action plan.

If your objective for this report is to help you start your project, we can also include a summary of the decision and its implications, an explanation of the options available to you and a template action plan.

Service benefits

By choosing our Data Transfer Risk Assessment, you will:

  • Mitigate risks associated with international transfer of personal data;
  • Be confident in your data transfers, reassuring stakeholders that data protection is a key priority for your organisation;
  • Be able to confidently assess future international data transfers; and
  • Protect the privacy of your customers.
contact us
Consultancy interview
Bespoke solutions

Bespoke solutions

Make it your own

We can tailor your Data Transfer Risk Assessment to your specific needs and requirements.

Options include:

  • Carrying out a programme of comparative assessments for specific divisions or locations;
  • Assessing the degree to which your specific policy decisions have been implemented;
  • Conducting a more detailed assessment or audit of preparations in respect of specific data transfers; and
  • Anything else to meet your needs – just ask!

contact us