Transfer Impact Assessment (TIA) — 1 page
1) What is being transferred?
- Data: [types]
- From: [EU/UK entity]
- To: [country]
- Vendor: [name]
2) Why is the transfer needed?
3) Risk summary
- Primary risks: [e.g., government access, vendor sub-processors]
- Likelihood: [low/med/high]
- Impact: [low/med/high]
4) Mitigations
- [encryption]
- [minimization]
- [access controls]
- [contractual commitments]
5) Decision
- Approved? [Yes/No]
- Reviewer: [name]