When are transfer assessments required? Triggers under GDPR, UK GDPR and nFADP, common blind spots, how to run them and the operating model that keeps them defensible.