A client requests that you conduct a TIA for data transfers to a US cloud service provider who will (gasp) access the data in the clear.
run away and leave a cartoon-like cloud of dust take their money and laugh take their money and cry or other
We covered several topics, including:
How are multinational based in the US approaching cross border transfers of HR data? Will the UK initiative move the needle in the EU, with respect to either: helpful third country assessment information or generally re: risk based? What methodology are companies using for TIAs and risk assessment? How are they approaching TIAs for sub processors and sub sub processors until we reach Middle Earth? Is there anything concrete we can do besides swipe the waterproof mascara and cry and pray?
Read the article