If a further processor transfers data, must the data controller also carry out a transfer impact assessment (TIA)?
ANSWER
The data controller is responsible for the compliance of the entire processing operation with data protection law, including with regard to the processors involved. The obligation to carry out a TIA may however be contractually delegated to the original processor (i.e. the data exporter), subject to the data controller having the right to access the results of the TIA and the right to object to the transfer of data where the TIA indicates that the transfer should not take place.


