Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    Three Key Takeaways From the Newly Adopted EU-US Data Privacy Framework You Need To Know

    EU Data PrivacyOn July 10th, the EU Commission adopted an adequacy decision for the proposed EU-U.S. Data Privacy Framework. This is exciting news for organizations, as many have been stuck in privacy "limbo" since the annulment of the previous EU-U.S. Data transfer mechanism, Privacy Shield, which was annulled due to challenges in court by privacy activist Max Schrems.

     The Privacy Shield mechanism was struck down by EU courts due to not having enough protections for EU residents against United States surveillance laws and executive orders, namely FISA 702, Executive Order 12333, and the CLOUD Act.

    The new framework seeks to address those issues to ensure that EU resident data is protected and that citizens have appropriate legal mechanisms to address any non-compliance with the safeguards required by the new framework.

    So what are the key takeaways for the new framework?

    1. Organizations now have a legal mechanism to transfer data from the EU to the U.S. without requirements to get a patchwork of data transfer mechanisms in place, namely Standard Contractual Clauses and Binding Corporate Rules, which can be burdensome for organizations to manage at scale. Organizations will be able to self-certify to the new mechanism, and the approved certification will be considered an attestation to compliance with the data protection requirements of the EU Commission.
    2. The United States government established a new executive order that provides protections for EU resident data that is being transferred to the United States. These include limited access to EU data by U.S. intelligence agencies, the implementation of a new redress mechanism, and the establishment of the Data Protection Review Court. Establishing these key protections was crucial to bringing the new EU-US Data Privacy Framework to fruition.
    3. The new Framework is based on a set of core data protection principles; such as transparency of data processing, the right to data access, and purpose limitation. These are not new to the privacy community; however, organizations will need to ensure that their privacy programs include these principles and are complied with accordingly.

    The question still remains: will the new framework usher in a new era of data protection and continued flows of data from the EU to the U.S., or will it be another mechanism that is challenged in court and struck down in a few years’ time? In our opinion, no mechanism comes without its faults; however, this is a great step up from the previous iterations and provides significantly more protections for EU resident data processed in the United States.

    At KnowBe4, we are committed to privacy and security and will be committing to the new EU-U.S. Data Privacy Framework as soon as it becomes generally available for organizations to certify. We will continue to monitor its developments to ensure that we are up to date with any new requirements imposed by the EU Commission or other regulatory body.

     

    Return To KnowBe4 Security Blog

    Request A Demo: Compliance Plus

    Old-school compliance training is challenging for organizations to offer, difficult to do right, and is generally very expensive to deliver. In this live one-on-one demo we will show you how easy it is to deliver your compliance training program using Compliance Plus with KnowBe4's training platform.

    CMP-Collage-LCompliance Plus gives you:

    • A whole new library with fresh compliance content updated regularly
    • Coverage of legislative requirements, such as HIPAA and many others
    • New-school high-quality customizable modules
    • Short, interactive modules to keep learners focused, newsletters, docs, and posters are all included
    • Completely automated compliance training campaigns with world-class support and extensive reporting

    See for yourself how Compliance Plus can help you keep your users on their toes with compliance, risk and workplace safety top of mind!

    Request A Demo

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/compliance-plus-demo

    Topics: Compliance, GDPR

    Lecio DePaula

    ABOUT LECIO DEPAULA

    Lecio DePaula currently serves as Vice President of Data Protection for KnowBe4, where he focuses on navigating global data protection requirements and ensuring KnowBe4 meets its data protection standards. He began his career at a privacy tech company, where he became an expert in all things U.S. privacy, with a specific focus on HIPAA compliance. He now leads KnowBe4's effort in protecting its information assets on premise and in the cloud. DePaula has extensive expertise in many European and United States privacy laws, such as GDPR, CCPA, and HIPAA. His primary focus is bridging the gap between privacy and security to create a robust data protection program. DePaula holds a CISSP as well as an AWS/Security certification and is currently a Fellow of Information Privacy certified. He is also certified by the IAPP and is a Certified Information Privacy Professional for Canada, Europe, and the United States.

    Read more from Lecio »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews