Whistic Adds Transfer Impact Assessment (TIA) to Library

February 08, 2022

In July of 2020, The European Court of Justice ruled that the EU-U.S Privacy Shield is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data. The EU-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data.

Most Standard Contractual Clauses bind both parties in relation to them processing data, but they do not bind a third party if that data were to be transferred. The ruling states the exporter must verify “on a case by case” basis what protections apply with that third party.

The Transfer Impact Assessment, now in the Whistic Questionnaire Library, helps the exporter address data protection concerns for any third party transfers and those assessments need to be monitored on an ongoing basis.

See your full security picture with Whistic. Automate your program, assess vendors easily, and start using security to your advantage. Learn more.

standards vendor security review security assessments third party risk mgmt

About the author


The latest insights and updates on information security and third party risk management.

Hate security reviews?
Want FREE AirPods?*

Offer valid for any decision-maker/influencer in relation to your company’s third-party risk management strategy. Company size must exceed 100 employees. Exclusions apply. Limit 1 pair per company.