The EU-U.S. Data Privacy Framework (DPF)
1. What is the EU-U.S. data privacy framework?
On 10 July 2023, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (DPF). The DPF replaces the EU-U.S. Privacy Shield as a legal mechanism for transferring personal data from the EU to organizations in the U.S. participating or certified to the DPF. NimbleWork welcomes adopting the adequacy decision for the DPF as a commitment of mutual trust between the U.S. and the EU/UK. The DPF restores legal certainty for transatlantic transfers of personal data under the GDPR and advances strong privacy safeguards. The DPF provides more simplicity and confidence to public and private organizations transferring data from the EU or UK to the U.S.
With the adoption of the adequacy decision, EU and UK organizations can transfer personal data to organizations in the U.S. participating in the DPF without having to put in place additional data protection safeguards.
2. Has NimbleWork been certified for the EU-U.S. data privacy framework?
NimbleWork has been certified to the EU-U.S. Data Privacy Framework (DPF) and adheres to the DPF Principles. You can view the NimbleWork DPF certification here. Please note that to locate the certification, search for “NimbleWork” in the search bar.
3. Does the EU-U.S. Privacy Shield still apply?
No. The EU-U.S. Privacy Shield is no longer a valid legal mechanism for transferring personal data from the EU or UK to the U.S. The EU-U.S. Data Privacy Framework has replaced it.
4. Does the EU-U.S. Data Privacy Framework apply to transfers from the UK to the U.S.?
In October 2023, the UK issued an adequacy decision on the EU-U.S. Data Privacy Framework (DPF), which established a UK Extension to the DPF. The extension automatically applies to organizations certified under the DPF, which means organizations subject to the UK GDPR can transfer personal data to organizations in the U.S. participating in the DPF without having to put in place additional data protection safeguards.
5. Where can I find more information about the EU-U.S. Data Privacy Framework?
The European Commission and the Data Privacy Framework Program provide more details on U.S. organizations’ obligations under the EU-U.S. Data Privacy Framework.
6. How can I share my concerns with Nimblwork about how my data has been handled under the EU-U.S. Data Privacy Framework?
Customers wishing to contact NimbleWork with any inquiries or complaints about our data handling under the EU-U.S. Data Privacy Framework can contact [email protected]
