A Risk-Based Approach to International Data Transfers

Paul Breitbarth*

*Corresponding author for this work

Research output: Contribution to journalArticleAcademicpeer-review


Since the Schrems-II judgment, a discussion is taking place on solving the challenges organ-isations face when transferring personal data out of the European Economic Area: can they rely upon data transfer risk assessments, and may they also consider the likelihood of the risks actually occurring? If not, it seems unavoidable that many international data flows will either need to stop or continue illegally, since the threshold to transfer personal data would become too high to work with on a daily basis. This paper discusses why a risk-based approach to international transfers is both needed and legal, why the guidelines of the Eu-ropean Data Protection Board may be expecting too much from organisations and what a risk-based data transfer should mean in practice. Apart from legislative change, a solution can be found in increased accountability and transparency by organisations, to regain public trust.
Original languageEnglish
Pages (from-to)539-549
Number of pages11
JournalEuropean Data Protection Law Review
Issue number4
Publication statusPublished - 1 Jan 2021


  • accountability
  • data protection
  • international transfers
  • transfer risk assessment


Dive into the research topics of 'A Risk-Based Approach to International Data Transfers'. Together they form a unique fingerprint.

Cite this