The GDPR strictly regulates the transfer of personal data. When transferring data to external service providers as processors, a Data Processing Agreement (“DPA”) is essential under Art. 28 GDPR. For transfers to third countries outside the EU/EEA, the special requirements of Chapter V of the GDPR (Art. 44 et seq.) apply, which require appropriate safeguards such as Standard Contractual Clauses (“SCCs”) and, where applicable, Transfer Impact Assessments (“TIAs”). The legal situation, particularly for third-country transfers, is dynamic and requires continuous monitoring.

As your external DPO, we provide comprehensive advice on the data protection-compliant design of your data transfers to meet the complex legal requirements.

We support you by advising on the necessary data protection structuring of data flows, whether to external service providers or within your corporate group, and advise on the appropriate handling of risks.

A core part of our work is the review of Data Processing Agreements. Naturally, we keep you informed about the constantly changing legal developments, especially in the area of third-country transfers.