Over the past several years, as we have worked with clients to operationalize privacy compliance documentation, taking into account legislative requirements and iterating over time with regulatory guidance, we have built up a considerable library of templates. To help real-life privacy pros, as well as their non-privacy-specialist peers, fill out these templates, we’ve often paired our templates with instructional text and explainers. Believe it or not, privacy documentation is NOT always straightforward, especially to folks who might be missing important context.
Today, we’re launching a new ‘Reference’ section of the Lucid site, with our first public template, a Transfer Impact Assessment template. The resources in our reference section are intended to be used, so please come inside and give them a whirl. They are also intended to advance discussion, both within industry and between industry and regulators.
- How can we improve these materials, as an industry seeking to comply in good faith?
- How should these materials be updated over time?
- How should these materials be customized for specific use cases?
- Can efficiencies be gained to reduce compliance burden without undermining substantive compliance?
We very much welcome feedback about these docs, including suggestions for additional materials that you would like to see. Please drop us a line at hello at lucidprivacy.io.
A note about the Transfer Impact Assessment:
The Lucid TIA template aims to provide businesses with a comprehensive risk-based assessment tool that covers all of the domains relevant to the assessment of international transfers, without being overly complex or burdensome, although we understand that completing these assessments may still be a challenge for many in market.
The TIA is based primarily on the EDPB recommendations and the EDPB European Essential Guarantees documentation. However, the template also takes into consideration a range of other materials, including the case notes in the Schrems II ruling, the details relating to 'adequacy' laid out in Article 45 of GDPR, recent EU adequacy agreement documentation (the UK adequacy agreement) and a collection of TIA templates already available in market. The template also draws on the draft ICO Transfer Risk Assessment tool that was released during consultation last year, and as such the Lucid TIA template can currently be used to document and assess transfers from both the EU and the UK.