German DPAs launch enquiry on international transfers to non-EU countries

Ten German state and city level DPAs, coordinated by Bavaria’s DPA, have started a survey of 500 companies’ practices regarding international data transfers. The state and city level DPAs that are involved are: Bavaria, Berlin, Bremen, Hamburg, Mecklenburg-Vorpommern, Niedersachsen, Nordrhein-Westfalen, Rheinland-Pfalz, Saarland and Sachsen-Anhalt. 150 of the 500 companies to be surveyed are under Bavarian jurisdiction.

The companies will be selected at random to represent different sizes of companies in various sectors. They will be asked to fill in a questionnaire that will provide details of their data transfers to third countries, and how they have ensured an adequate level of protection. The companies will be asked about their transfers to the US and other third countries, and required to fill in details about their use of cloud services, marketing, customer relationship management, communication services, recruitment etc.

The Bavarian DPA says that the enquiry is needed as the number of international transfers, particularly due to the use of cloud computing, has greatly grown in recent years. Once the DPAs receive the completed questionnaires, they will evaluate whether a thorough investigation is needed in some cases.

See (in German) which includes a link to the questionnaire.