Skip to content
English - United Kingdom
Contact us
  • There are no suggestions because the search field is empty.

Mapping Third Country Transfers

How do you map your third country transfers? Why does it matter? What about the Trans-Atlantic Data Privacy Framework?

Publish date: December 9, 2024

Why do we need to map third country transfers

You are required to map third country transfers in order to ensure that you comply with the GDPR regulations regarding the transfer of personal data to countries outside of the EU/EEA.

This includes ensuring that adequate safeguards are in place to protect personal data when it is transferred to third countries.

The purpose of the mapping is to ensure that the rules of the regulation are not diluted because the information is transferred to countries outside the EU/EEA that are not subject to GDPR.

When you map your third country transfers to your vendors, this information will be included in your Records of Processing Activities (ROPA) report. In the report it will therefore be stated that you have documented your basis for third country transfer.

How do I map third country transfers

In Wired Relations you map your third country transfers from your vendors. Because you will always be transferring personal data to another independent legal entity.

To map your transfers open up one of your vendors, and go to the tab "Locations". From here you can map transfers that take place directly to this vendor, and also any transfers to sub-processors.

 

Mapping Third Country Transfers ENG - add subprocessor

By adding a location you can type in the address, zip code, city, and most significantly the country that the transfer takes place to.

Mapping Third Country Transfers ENG - New Location

If you add a country outside of the EU/EEA then a 5th question will appear "Is personal data transferred to this location?"

If yes, then you need to select at least one legal mechanism for the transfer.

Mapping Third Country Transfers ENG - Transfer mechanisms

Mapping sub-processor transfers

Mapping your sub processors is very similar. The difference is that you're able to add additional information such as who the processor is and the purpose of the transfer.

Note the sub-processor function is limited to our paid plans.

Mapping Third Country Transfers ENG - Subprocessors

The Trans-Atlantic Data Privacy Framework (transfer to companies in the United States)

With the new Trans-Atlantic Data Privacy Framework we now have a replacement for the Privacy Shield transfer mechanism. Remember that this is a certification framework, and can only be used as a transfer mechanism to certified companies. See the list of certified companies here.

If your site was created before July 10th 2023 then your list of legal transfer mechanisms will by default include Privacy Shield and not the Trans-Atlantic Data Privacy Framework.

To change this simply go to Settings -> Legal justification for transfer (see picture below)

From here you can add, delete, and rename the transfer mechanisms.

 Mapping Third Country Transfers ENG - Settings legal transfer