The Authority has decided to carry out such audits because of the suspicion that companies may transfer data abroad without even being aware of it. Indeed, many small and medium-sized German businesses outsource its data processing – for example through cloud computing – and the service providers transfer personal data to the U.S. and/or other non-EU countries.
The BayLDA will be sending a questionnaire to gather, among others, information on intra-group transfer, marketing, recruiting, cloud storage, email and newsletter services, and on how companies try to achieve an adequate level of data protection. If the data are transmitted under the Privacy Shield, the company is asked whether it relied on a statement by the recipient, or verified the US Department of Commerce list.
More information on the BayLDA audit announcement is available at https://www.lda.bayern.de…
For more information, Francesca Giannoni-Crystal.