Many DPO’s and privacy managers are in the process of migrating existing SCC’s to IDTA’s in preparation for the 2024 deadline (new contracts should have had IDTA’s since last year).
But a few people we have spoken to, did not realise that each IDTA normally needs to be accompanied by a Transfer Risk Assessment (“TRA”). Whilst IDTA’s may sometimes be provided by larger processors, you will almost always need to create the TRA’s yourself.
You can find out more using the ICO link https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-data-transfer-agreement-and-guidance/transfer-risk-assessments/ where you can also download a TRA template.