What kind of data transfer mechanism should I have if the processor is collecting data from eu residents on behalf of a controller ? ie processor collects data of eu residents,transfers to controller

Posting as :
works at
You are currently posting as works at

The processor (me in the us) collects eu Data from residents on behalf of a us company (controller) and then transfers the data to controller in the us. The model clauses don’t seem to work here.


The controller would need to collect consent and it can be withdrawn.

Depends- if the processor is identified as performing actions based on a contract/SOW with the controller:
1. I use an annex that outlines roles with each data piece
2. Do a third P review with the processor to show due diligence in ability to protect/transfer data
3. The controller is still responsible for who they chose to process on their behalf. GDPR made sharing accountability the responsibility of both parties.
4. Can any if the data in transit be cleansed by EU processor b4 going to US? Annonymize/aggregate/encryption?
5. Consent may not be required depending on the legal basis used - if Legit Interest- notice served and ability to access/see/ask to be forgotten, etc. Ie. If transaction to pay for a product in the US.


Related Posts

Anybody work in Loan Syndications? What are the hours like within these groups? Thanks!


And…prepare to be ghosted!

Post Photo

If anyone is trying to make moves to another PA firm (in SF/Bay Area) in audit or tax hmu for that dank referral. Also if you have any gen questions about moving to the Bay Area ✌️


What’s the average salary senior analysts are making in Chicago? How many years?

Thank you for starting this bowl. I come from a strict Christian background and it’s becoming hard to reconcile my faith with agency life. I never used to drink, now I am borderline alcoholic. Need 🙏🏼🙏🏼


I realised that I ate toast with cheese for breakfast, a grilled cheese for lunch and made a cheese quesadilla for dinner. 🤷‍♀️


What percentage Accenture can give a hike ? They told me that 50% max they can give me a hike on my current CTC . How would I convey them to increase Accenture ? YOE:5.0


Is a 529 account worth it for MBA?


Hi Adobe folks, Could you please let me know what's the ideal salary for a program manager for 4 yoe at Adobe India?

Also, how many rounds of interview is supposed to be happen for this position?


Dear Fishes,

Anybody joining Citi tomorrow the 18thMay2022 ? Please comment


I needed to do a solid 8 hours of work today but I'm too hungover to get out of bed. I'm doomed


Wordle 513 3/6



Week 5 who to start at TE: Tyler Higbee (vs SEA) or Dalton Schultz (vs NYG)? Really torn up on who the better move is this week


Can anyone recommend good investment options in Bank of America HSA account? I feel their funds are very limited compared to what I have seen from 401k and IRA. Anyone recommends your HSA account?

I laugh so hard sometimes, I wonder if I scare my neighbors. 🥺


Would a company give me a chance in cloud with aws SAA and aws security specialty in your opinion ?

What does everyone do for CharlieCard fees when there's the possibility that you'll be traveling at a moment's notice? Weekly/monthly pass or just pay by trip?

Just got the call from AD on a Rolex green dial sub. Never seen in person but am I crazy to even be hemming and hawing about this? Assume I could flip in a heartbeat if I didn’t like it?


is Fujitsu calling people to office all days or is it hybrid mode or is it optional as per employee convenience??

Additional Posts in Privacy Law

Which takes more study time to finish CIMP or CIPP/E?


Best resources to learn about adtech for lawyers? Particularly interested in the contracts aspect, but also just want to become more conversant in the area generally! TIA!


Can creditors go after my US assets if I file for bankruptcy in a different country? Not sure if this is based on US law or that country's law (Spain)


Hi everyone !

I am trying to relocate in London, as a Legal Counsel in Privacy.

The opportunities there seems more interesting in terms of missions and financially. I had interviews for companies but one obstacle keeps coming up: I am not a qualified lawyer because is it not necessary to be one when you’re an in house in France.

I do have 2,5 years of experience as a Legal Counsel in Privacy and strong referrals.

Do you maybe have any tips to help me :) ?

Many thanks!


I have 3 yoe in cyber security/Enterprise Security. Primarily in the role of leading business security discussions with large customers. I hold a CCSP.

However I am not hands on in any domains except soc reports. Eventually I want to hold a leadership role. Any advice on what to do next (Certs, etc)? Currently studying for CISSP.


Low billable, low pressure work in privacy law? Slowly realizing that as my boys get older, the money isn’t worth what I’m missing out on. Currently a tech litigation associate with lots of hearing, depo and trial experience (I’ve appeared on my own at hearings/depos) at a well respected firm. I have limited privacy experience despite being hired for that reason… Have my CIPM and CIPP/US /E and /C. Remote preferred; hubs is pilot with cool intl transfer opportunities. Money isn’t issue.


Hi all! I’m inclined on taking up the CIPM training and certification exam. I’m already a certified Data Protection Officer in the Philippines. I intend on skipping CIPP as it applies to the US and EU.

How difficult was the exam? Can you share your experience studying for the CIPM exam? Is it advisable to skip CIPP?

Many thanks in advance.


I’m an Australian qualified lawyer, looking for privacy work in the US. Just wondering, in your experience, do the companies in the US have much interaction with Australian privacy principles?


Trying to study for my CIPP certification during the holidays. I bought a hard copy of the US privacy law book published by the IAPP. Whats the best way to study?


Are any privacy and data protection attorneys willing to offer suggestions on how a junior attorney can get into this space? I am taking the CIPP/US exam this week and have privacy internships, (cont)


Advice needed!! Have 8+ years of compliance/legal/in house experience (not privacy law except HIPAA). I really want a Privacy Counsel role so I took and passed the CIPP/US and CIPM exams this past year. I’ve been offered an Associate Director job at PwC. Is this a good stepping stone to a Privacy Counsel role? How long should I expect to work at PwC before I could apply to Privacy Counsel roles??


Hello! Are there any CYBERSECURITY professionals here that work with law firms ?


So as a 30ish yo with a government/PE/tech background and CIPM/CIPP… I’m finding privacy work is just much easier and interesting than other kinds, but still pays plenty well.

Is it too late/inadvisable to go to law school to specifically aim for privacy work?

I just find some firms are unwilling to entertain the idea that anyone but a lawyer has anything relevant to contribute in this space…


I feel like a mega nerd saying this but I just got staffed on my first data breach response and I'm having so much fun! 🥸😅


Does anyone have an outline for the CIPP/US exam? This book is too long and I don’t have the time to make my own. Thanks!


Any advice on pivoting into a privacy counsel/associate role? Graduated from law school in 2020 at the height of the pandemic, took a JD advantage role in privacy at a FAANG company upon graduation as I had no offers lined up (Covid dried up a lot) recently promoted to program manager, but looking to pivot into a counsel role. Any advice on how to translate my experience or even get my foot in the door? Have I pigeon holed myself into an operations/consulting career trajectory? Stay on as a PM?


A volunteer DPO position? Really?

Post Photo

In terms of taking the next step to elevate your career- what items are you heavily focusing on? I have speciality in data governance as well as product counseling, but curious to know what others find most helpful in their practice areas.


New to Fishbowl?

Download the Fishbowl app to
unlock all discussions on Fishbowl.
That was just a preview…
Sign Up to see all discussions
  • Discover what it’s like to work at companies from real professionals
  • Get candid advice from people in your field in a safe space
  • Chat and network with other professionals in your field
Sign up in seconds to unlock all discussions on Fishbowl.

Already a user?
Login here


Embed this post

Copy and paste embed code on your site


Download the
Fishbowl app

See what’s happening in your industry
from the palm of your hand.

A phone with Fishbowl app

Send download link to your phone


Scan your QR code to download
Fishbowl app on your mobile

By continuing you agree to Terms of Use and Privacy Policy.

Messaging rates may apply

Download app

Sign up for free to view this conversation on Fishbowl

By continuing you agree to Terms of Use and Privacy Policy

Already have an account? Log in

Sign up for free to continue using Fishbowl

By continuing you agree to Terms of Use(New) and Privacy Policy(New)
Messaging rates may apply

Already have an account? Log in

For account settings, visit Fishbowl on Desktop Browser or