United States: You Have Questions, We Have Answers: Data Privacy Framework FAQs

Since our July 13 post about the European Commission's formal adoption of theEU-U.S. Data Privacy Framework(EU DPF), members of our Data Privacy, Cybersecurity & Digital Assets Practice have been hard at work helping clients prepare for and complete the certification process. We prepared for our readers answers to some of the most frequently asked questions we have received over the past few months.

Our Data Privacy Framework Frequently Asked Questions are available here.

Time is of the essence for a business that maintained an active certification under the EU-U.S. Privacy Shield Framework (Privacy Shield). A Privacy-Shield certified business is automatically part of DPF – as long as the business' privacy policies and procedures are updated to reflect the DPF's Principles by (i) October 10, 2023 for the EU DPF and (ii) October 17, 2023 for the Swiss DPF. A business listed as "inactive" on the DPF Website – whether because the business withdrew or did not complete the annual re-certification – can use its DoC account to complete the DPF certification process.

We welcome your questions about EU DPF, UK Extension and Swiss DPF. Click here to contact us. We expect to add new and updated FAQs in the coming weeks so please watch your inbox or check back.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.