International data transfer: Cross-border monitoring by data protection supervisory authorities in Germany

Jun 2, 2021

The data protection supervisory authorities of several German states are conducting jointly coordinated checks to ensure compliance with data protection law requirements on international data transfers by companies to countries outside the European Union or the European Economic Area (third countries). The background to this is the enforcement around the requirements of the European Court of Justice from the Schrems II ruling of July 16, 2020.

For this purpose, the supervisory authorities are questioning selected companies on the basis of common questionnaires. These deal, among other things, with applicant portals, intra-group data traffic, mail hosting, web hosting and tracking. Each authority decides individually in which of these areas it will take action by sending out the questionnaires, which companies it will approach, or whether the questionnaires will be adapted regionally if necessary.

The announcements for the coordinated audit were published on June 1, 2021 by the supervisory authorities of the following federal states: Bavaria, Berlin, Brandenburg, Hamburg, Lower Saxony, Rhineland-Palatinate and Saarland.

Find here the current questionnaires for the cross-state reviews of the supervisory authorities.

Recent news

Liechtenstein’s DPA Publishes Its Activity Report for 2022

Liechtenstein’s DPA Publishes Its Activity Report for 2022

After the Covid pandemic subsided, the various activities of the "Datenschutzstelle" (Data Protection Service) largely returned to normal in the reporting year. In addition to numerous successful events and consultations, Liechtenstein's DPA also intensified its...

read more
New SARs guidance for employers issued

New SARs guidance for employers issued

On 24 May 2023, the UK Information Commissioner’s Office (“ICO”) announced that it had published new guidance for employers on responding to requests for information.

read more