“Going forward, (Data Protection Impact Assessments) DPIAs should be considered beneficial to both controllers and processors for multiple reasons, including determining which alternative transfer mechanisms might be most viable, as well as establishing supplementary measures,” says Adam C. Schlosser for IAPP, the International Association of Privacy Professionals.

“Also, in light of the recent decision, there is an argument that now any processing activity that involves a transfer outside of the European Economic Area could be classified as a ‘high risk activity’ and may eventually become mandatory anyway.”

“The end result of a DPIA aimed at identifying new transfer mechanisms should be to document whether your organization is processing any data that might be at a higher risk for national security or law enforcement surveillance, and if it is, are there any mitigation steps you could take.”

Details from the International Association of Privacy Professionals.