Three Key Takeaways From the Newly Adopted EU-US Data Privacy Framework You Need To Know

On July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the previous EU-U.S. data transfer mechanism, Privacy Shield, was annulled following court challenges brought by privacy activist Max Schrems.

The Privacy Shield mechanism was struck down by EU courts because it did not provide enough protection for EU residents against United States surveillance laws and executive orders, namely FISA 702, Executive Order 12333, and the CLOUD Act.

The new framework seeks to address those issues so that EU resident data is protected and that EU residents have appropriate legal mechanisms to challenge any non-compliance with the safeguards the framework requires.

So what are the key takeaways for the new framework?

  1. Organizations now have a legal mechanism to transfer data from the EU to the U.S. without having to assemble a patchwork of other transfer mechanisms, namely Standard Contractual Clauses and Binding Corporate Rules, which can be burdensome to manage at scale. Organizations will be able to self-certify to the new mechanism, and the approved certification will be treated as an attestation of compliance with the EU Commission's data protection requirements.
  2. The United States government issued a new executive order that provides protections for EU resident data transferred to the United States. These include limits on access to EU data by U.S. intelligence agencies, a new redress mechanism, and the establishment of the Data Protection Review Court. Establishing these key protections was crucial to bringing the new EU-U.S. Data Privacy Framework to fruition.
  3. The new framework is based on a set of core data protection principles, such as transparency of data processing, the right to data access, and purpose limitation. These are not new to the privacy community; however, organizations will need to ensure that their privacy programs incorporate these principles and that they are complied with accordingly.

The question still remains: will the new framework usher in a new era of data protection and continued flows of data from the EU to the U.S., or will it be another mechanism that is challenged in court and struck down in a few years' time? In our opinion, no mechanism comes without its faults; however, this is a great step up from the previous iterations and provides significantly more protection for EU resident data processed in the United States.

At KnowBe4, we are committed to privacy and security and will commit to the new EU-U.S. Data Privacy Framework as soon as it becomes generally available for organizations to certify. We will continue to monitor its developments to ensure that we stay up to date with any new requirements imposed by the EU Commission or other regulatory bodies.

Request A Demo: Compliance Plus

Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

Compliance Plus gives you:

  • A whole new library with fresh compliance content updated regularly
  • Coverage of legislative requirements, such as HIPAA and many others
  • New-school high-quality customizable modules
  • Short, interactive modules to keep learners focused; newsletters, docs, and posters are all included
  • Completely automated compliance training campaigns with world-class support and extensive reporting

See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

Request A Demo

Topics: Compliance, GDPR
