The data protection supervisory authorities of several German states are conducting jointly coordinated checks to ensure compliance with data protection law requirements on international data transfers by companies to countries outside the European Union or the European Economic Area (third countries). The background to this is the enforcement around the requirements of the European Court of Justice from the Schrems II ruling of July 16, 2020.
For this purpose, the supervisory authorities are questioning selected companies on the basis of common questionnaires. These deal, among other things, with applicant portals, intra-group data traffic, mail hosting, web hosting and tracking. Each authority decides individually in which of these areas it will take action by sending out the questionnaires, which companies it will approach, or whether the questionnaires will be adapted regionally if necessary.
The announcements for the coordinated audit were published on June 1, 2021 by the supervisory authorities of the following federal states: Bavaria, Berlin, Brandenburg, Hamburg, Lower Saxony, Rhineland-Palatinate and Saarland.
Find here the current questionnaires for the cross-state reviews of the supervisory authorities.