International Data Transfer & Protection

We help you navigate these uncertain waters

The GDPR – an EU Mandate with Global Reach

A free flow of personal data is permitted within the European Economic Area (EEA), which comprises the EU member states plus Iceland, Liechtenstein and Norway, and these countries are, in turn, bound by the data protection provisions of the EU General Data Protection Regulation (GDPR). However, the GDPR applies beyond the EEA's jurisdictional borders: the processing of personal data of EEA residents must abide by the GDPR even when such processing occurs outside Europe. Thus, a transfer of personal data to third countries (i.e. countries outside the EEA) is subject to long and arduous regulation.
While the GDPR has been criticised for hampering international trade outside of the EU, surveys show the growing importance placed on high standards for the protection of personal data. Also, an increase in media reports shows that businesses and individuals pay hefty fines for failing to uphold the GDPR.


Value-Add to Your Business

Increased legal certainty and reduced exposure to transgressions

Compliance with GDPR and data protection standards

Lower risk of identity theft

Reduced exposure to fines and revenue losses

Increased business efficiency for international companies


Our Approach

We are a global company headquartered in Germany, and we stay close to all the latest regulatory developments and trends pertaining to international data transfer. We live our core values of data protection and information security, and we strive to instill these values to protect personal data and to help our clients operate responsibly, wherever they may be. Utilising modern consulting methods, state-of-the-art technology and holistic, future-proof approaches, we guide our clients to smart solutions for safe data transfer worldwide. The goal is to reach far beyond compliance with regulatory provisions to changed mindsets and greater business success for our clients and partners.


Our Core Services

The foundational process to ensure safe data transfer

GDPR-recommended and our service guideline

To ensure accountability, companies need clear records of their transfers, including processors and sub-processors in third, non-EU countries.

In a second step, companies must verify whether their transfers are covered by adequacy decisions of the European Commission, require appropriate safeguards, or fall under derogations according to Art. 49 GDPR. This applies to European countries as well as to third-country companies, to enable cooperation.

Now, the data exporter must assess whether the transfer tools provide adequate protection of the data in the third country. The processing needs to be based on clear, precise and accessible rules and consider, for example, the purpose of the processing, the types of entities involved, or the processing sector.

If the tools are not effective, supplementary measures must be evaluated and implemented to ensure the required level of protection:
   a) Standard data protection contractual clauses (SCCs)
   b) Binding corporate rules (BCRs) 
   c) Ad-hoc contractual clauses

This assessment process should be re-evaluated regularly to check whether the protection level of the third country transfer is still adequate. New security laws might cause changes.

Excerpt from our solution portfolio

1 | Analysis of global data privacy obligations

An analysis of your legal obligations must be the first step in international business. This is a vital step, as it also considers whether the third country where the personal data of EU residents is processed has been subject to an adequacy decision by the European Commission and, if not, which of the safeguards listed in the GDPR would best suit your business needs.

2 | Detection of out-of-policy cross-border data transfers

This analysis systematically detects cases in which personal data of EEA residents is being processed in a third country without appropriate protection. We offer to identify jurisdictions that have not successfully passed the European Commission's adequacy decision and to assist you through the process of setting up and maintaining the necessary safeguards, guiding your company towards a reduced risk of GDPR transgression.

3 | Design & implementation of binding corporate rules (BCRs)

For global companies that are located outside of Europe and that collect and process the personal data of European residents, BCRs are required. They are proof of the existence of the necessary policies, codes of conduct, internal processes, training, audits and controls in relation to the treatment of personal information, as prescribed in the GDPR. Our services include the co-design and implementation of commitments in areas such as compliance, security, cross-border transfers and sensitive personal information, to suit your business and corporate culture needs.

Data is a precious thing and will last longer than the systems themselves.

– Tim Berners-Lee

Contact us for a free first consultation




