Philipp Rosenauer
Partner Legal, PwC Switzerland
In one of our last blog posts, we discussed the topic of cross-border transfer of personal data. If data are transferred to the USA or another country without adequate data protection (from a Swiss perspective), certain protective measures must be taken under the current (as well as future) Swiss Data Protection Act. However, what are the factors that companies should consider when performing a risk assessment for the data transfer? And which supplementary measures are most appropriate for the protection of personal data?
In order to manage the risks associated with cross-border data transfer, we would like to present the Personal Data Transfer Analyzer Tool. The list below provides more information about our tool:
Inventory of vendors, IT systems and applications with regard to countries to which data is transferred
Assessment of the extent to which data transfer to a country of data export is required
Assessment of local legislation with respect to risk level for data protection
Initial risk-level assessment of individual data transfers
Assessment of safeguarding measures applied and recommendation of measures to mitigate the risk levels
Reassessment of risks of data transfers upon provision of additional security measures
Summary and visualisation of results and development of strategy for ongoing risk management of data transfers
More specifically, we can provide support in the following areas:
- Transfer Impact Assessment Framework – PwC has practical experience in setting up efficient data transfer risk management systems tailored to the organisational culture.
- Personal Data Transfer Analyzer – an Excel-based methodology that allows transfer impact assessment to be performed in line with international standards
- Country Risk Assessments – PwC provides an overview of the data transfer risks posed by a non-EEA country according to a proprietary methodology, which is part of Personal Data Transfer Analyzer.
- Country Risk Assessments Monitoring – PwC can provide organisations with regular updates on selected Country Risk assessments, including new legal acts that may impact Transfer Impact Assessments.
- Assistance in inventory and assessment of particular personal data transfers
- Assistance in selecting the relevant legal, technical and supplementary organisational measures to mitigate data transfer risks.
- Assistance in drafting and supplementing SCCs
Do you have any questions?
Data protection insights
Contact us
