All U.S.-based businesses, that work with the EU or any EU member, must be compliant by October 10, 2023.
On July 10, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework (DPF). This allows personal data to flow freely from EU to U.S. companies participating in the Framework without having to implement additional data protection safeguards. In October of 2022, the Executive Branch signed an Executive Order to implement the European Union U.S. Data Privacy Framework which laid out steps that the U.S. would take to implement its commitments under that Privacy Framework. On July 17, the U.S. Department of Commerce launched the Data Privacy Framework Program website where companies could review key requirements for participating organizations including how to join the program and how to recertify. All applicable organization’s privacy policy’s must align with that of the DPF principles and policies must be compliant no later than October 10, 2023. Additional information can be found at the DPF website and requirements are located under the FAQ section.
https://www.dataprivacyframework.gov/s/
What are your thoughts on these new international data protection requirements? Discuss below.
ISC2 Community Manager