A German DPA to carry out 500 company audits on international data transfers

On November 3, 2016, the Bavarian Data Protection Authority (BayLDA) informed that it will carry out a privacy audit on the international data transfers of more than 500 companies.

The Authority has decided to carry out such audits because of the suspicion that companies may transfer data abroad without even being aware of it. Indeed, many small and medium-sized German businesses outsource its data processing – for example through cloud computing – and the service providers transfer personal data to the U.S. and/or other non-EU countries.

The BayLDA will be sending a questionnaire to gather, among others, information on intra-group transfer, marketing, recruiting, cloud storage, email and newsletter services, and on how companies try to achieve an adequate level of data protection. If the data are transmitted under the Privacy Shield, the company is asked whether it relied on a statement by the recipient, or verified the US Department of Commerce list.


More information on the BayLDA audit announcement is available at https://www.lda.bayern.de…


For more information, Francesca Giannoni-Crystal.

Follow us on& Like us on