Published: September 1, 2021

Following the decision of the Court of Justice of the European Union in the Case C-311/18: Data Protection Commissioner v. Facebook Ireland Ltd and Maximilian Schrems, organizations around the world have begun conducting transfer impact assessments. These TIAs typically consider the sufficiency of foreign protections on a case-by-case basis when data is transferred using standard contractual clauses, binding corporate rules or other EU-approved data transfer mechanisms. Given the global impact of the ruling and breadth of sectors affected, there are many different ways to approach such assessments in line with EU guidance. We are publishing the following templates as one resource to assist privacy professionals in conducting TIAs, with thanks to the contributor. The IAPP does not endorse any specific template. We welcome additional templates that can be shared with the privacy community. Please reach out to us at