International data transfer

Motivation for the audit

In recent years, the number of international transfers of personal data in the private sector enourmously increased. One reason for this development is the economic globalization as well as the continuous spread of services and products of the so-called Cloud Computing. Even small and medium-sized enterprises in Germany use many of these external services to transfer personal data (e.g. of customers, employees or applicants).

However, many of these services are offered by US companies - and therefore usually require the transfer of personal data to the US and/or other non-EU countries. The experience of the German data protection authorities (DPAs) so far shows that companies are not always aware of the fact that with the use of such products a transfer of personal data to non-EU countries takes place.

Date of the audit

November 2016

Status of the audit

100% finished.

Number of inspected organisations

500 at all - about 150 of these were investigated by the BayLDA


The questionnaire of this audit can be downloaded here:


30 companies passed the audit without reservation. The 55 organizations with shortcomings in their data protection organization were instructed to undertake action to address those shortcomings. Most of the companies implemented solutions and for those which still need adjustment to their data protection organization, reconciliation is currently in progress.