July 10th was a momentous day in data privacy as it saw the long-awaited adequacy decision adoption by the European Commission. Showcasing that security compliance is again starting to become a level playing field worldwide, the USA is now recognised as providing the same adequate level of protection as the EU.
With USA exports at $48 billion for 2022, this should offer many possibilities for UK and EU companies. Continue reading to learn more and to find out how we can help you get ahead of these changes.
What Is the EU-US Data Privacy Framework (DPF)?
The DPF agreements mean data can now go between the US and EU without restrictions. This directly impacts security operations centres as additional safeguarding and regulatory measures were required.
While this decision facilitates actual business activity, many companies will be thrilled with the result as it represents a new standard of trust instilled in the data transfer functions. Transatlantic data transfers are an essential component of modern business and even more vital to maintain during the tricky time we all find ourselves in.
The DPF means that personal data can be shared between the EU and USA, strengthening business operations and client experiences.
Ursula von der Leyen, president of the European commission, stated,
“The new EU-U.S. Data Privacy Framework will ensure safe data flows for Europeans and bring legal certainty to companies on both sides of the Atlantic. Following the agreement in principle I reached with President Biden last year, the US has implemented unprecedented commitments to establish the new framework. Today, we take an important step to provide trust to citizens that their data is safe, to deepen our economic ties between the EU and the US, and at the same time to reaffirm our shared values. It shows that by working together, we can address the most complex issues.”
What Does The EU-US Data Privacy Framework (DPF) Cover?
Broader Safeguarding Powers
The DPF contains various categorisations of data and their usage, which makes for transatlantic data safety. As long as the businesses and individuals adhere to the rules outlined in the framework, the safeguarding potential for companies is maximised.
This will support organisations at both a basic and advanced level as it means that all operations levels can be protected uniformly. Further benefits mean more business, less risk, and enhanced safety for security infrastructures.
Double Layered Mechanism
One of the changes that have meant the DPF has been successful on this occasion is the addition of the new two-layer redress mechanism. Showcasing the work done to combine the EU and US ways of working, this mechanism is a robust filter through which all data is passed to ensure it can move freely without enhanced risk.
These consist of the following:
Layer One: This covers the Civil Liberties Protection Officer (CLPO), the US governing body responsible for dealing with any issues that may arise.
While their overall duties are far-reaching beyond this data agreement, they are the independent body investigating any EU-submitted complaints in this scenario. They are responsible for assessing the complaint and dealing with it accordingly, passing it to the European Data Protection Board in the US.
Layer Two: The next part of the process is the binding authority element of the agreement, the Data Protection Review Court (DPRC). Responsible for assessing appeal decisions made by the CLPO unbiasedly, the DPRC operates outside of the US to ensure impartiality at all times.
Not only does this double-layered approach allow for structured and uniform decision-making to take place, but it also enhances accountability to the same standard as the EU’s current operations. The processes are also created with high turnovers in mind, meaning that the high influx of business that is likely to follow will be managed fairly. This is one of the main factors that has been praised for instilling trust in the overall DPF.
Access to Data
Necessary and proportionate data is covered under the approved DPF agreement, which relates to personal information in the form of personal and business content. This allows data to be accessed safely and does not compromise the EU or US’s interests or current operating standards.
It should also be noted that this is the third attempt at approving the EU and US DPF, with data transferring and access procedures having been one of the most criticised aspects during past applications for adoption.
Facilitate EU Business Growth
The agreement essentially gives people in the EU the power to share their data with US counterparts for business or individual development. The layer of added accountability also means that any unlawfully obtained or held data can be removed with the support of official governing bodies.
Allowing more opportunity and improving the speed of collaboration will see markets thrive over the coming months and years.
How Does This Affect Businesses?
Currently, the main responsibility sits with US companies as they must complete a self-certification to show that their data privacy processes align with the DPF-approved structure.
Once in place, it will mean that EU companies can see which companies are approved for sharing information within the US. This means more uniformity and accountability, which EU companies can add to their security processes for seamless information sharing.
What Do the Next Stages Look Like?
As mentioned, any US companies that wish to be included now must become certified. The DPF certification is available via the DPF website and covers all data management and privacy protection aspects.
Companies that wish to comply must update their privacy standards in line with the approved DPF and verify their processes if requested. Ongoing compliance is then assessed on an annual basis to ensure consistency.
This newly approved framework will likely be updated regularly over the next year. This means more attention will be required for compliance updates as and when requested.
For EU companies, it is recommended that an understanding of the DPF is obtained. This means that even once the approved list grows, businesses and individuals can still protect their data by ensuring that only the correct information is provided and managed. However, there will be no other formal safeguards to consider, which means that processes can commence quickly once a US company has become officially certified.
How Can Creative Networks Support Me?
As with any new framework or data privacy structure, the DPF will take a little time to kick off. Our main recommendation is that companies start familiarising themselves with the remits so that businesses can carry on at a strong pace when more US organisations are certified. At Creative Networks, we think that the news of the DPF approval is positive, and we cannot wait to see companies in the EU go from strength to strength with this new support.
Our IT support covers all aspects of data management, which means we can help companies find the right US businesses to work with. You can learn more about what outsourced IT support includes by clicking here if you are still unclear about the service. It is also our job to keep our fingers on the pulse of the latest data happenings, so we are already DPF experts!
Furthermore, our position as an MSP (managed service provider) means we can supply your data with privacy queries and processes, which is also included in an MSP service.
Contact us today to learn more about the DPF or our services.
Did you find this article useful? As experts in all things data, IT and cyber security, we love to share our insights on helpful topics. Check out some of our most recent blogs below to learn more about the world of IT in 2023:
