As part of the engagement, Yousaf Amanat & Associates compiled an 80-page report addressing the following issues:

Determine to what extent GIZ is subject to local data protection laws and other regulations, given the legal status of GIZ’s offices as dependent establishments with their headquarters based in Germany (EEA)

Analyze all applicable national and regional legal regimes and practices that may have an impact on the protection of personal data (especially for national personnel, local partners and beneficiaries)

Include any ongoing changes and drafts for future laws and regulations, if applicable

Summary of possibilities of lawful access or potential disclosure of data transferred from the EEA into the target jurisdiction by public authorities

Compilation of an overview comparing the EU-GDPR and applicable local/regional laws on data protection

Identification of possible discrepancies and potential conflicts of law (EU-GDPR vs. applicable local/regional laws)

Local laws prohibiting or enforcing the use of cryptographic algorithms

Reporting obligations to supervising authorities (for example regarding security incidents)

Sector-specific regulations (for example for the local public sector or sectors of critical infrastructure)

Local laws or regulations indirectly influencing information security controls (e.g., local youth protection laws resulting in content filters for internet access for minor employees)

Information security in case of data transfer from the partner country to third countries, especially the EEA.

Highlight all necessary steps (if applicable) to transfer data (personal and non-personal) into the EEA and other partner countries.


 
