Implementing Trans-Atlantic Transfers
This chart outlines key changes and requirements for U.S., EU, UK and Swiss organizations implementing trans-Atlantic transfers.
Published: 8 Aug. 2023
Last updated: 22 Aug. 2024
On 10 July 2023, the EU adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision states the U.S. must ensure an adequate level of protection for personal data transferred from the European Economic Area to U.S. companies participating in the EU-U.S. Data Privacy Framework. The U.K. adopted its own UK-U.S. Data Bridge, which operates as an extension to the EU-U.S. Data Privacy Framework, on 12 October 2023. Switzerland is expected to finalize its own determinations in the coming months.
There are important updates for organizations on both sides of the Atlantic to implement. This chart outlines the key changes and requirements for U.S. organizations participating in the Data Privacy Framework, whether they are transitioning from the Privacy Shield or newly self-certifying, and for EU, UK, and Swiss organizations transferring data to U.S. organizations, including to U.S. organizations not certified to the Data Privacy Framework.
The IAPP additionally hosts a EU-US Data Privacy Framework resource that stays updated with the latest guidance documents and resources covering what these new rules say, how they work and what comes next as the framework takes effect.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Implementing Trans-Atlantic Transfers
This chart outlines key changes and requirements for U.S., EU, UK and Swiss organizations implementing trans-Atlantic transfers.
Published: 8 Aug. 2023
Last updated: 22 Aug. 2024
Contributors:
Joe Jones
Research and Insights Director, IAPP
Cobun Zweifel-Keegan
Managing Director, D.C., IAPP
CIPP/US, CIPM
On 10 July 2023, the EU adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision states the U.S. must ensure an adequate level of protection for personal data transferred from the European Economic Area to U.S. companies participating in the EU-U.S. Data Privacy Framework. The U.K. adopted its own UK-U.S. Data Bridge, which operates as an extension to the EU-U.S. Data Privacy Framework, on 12 October 2023. Switzerland is expected to finalize its own determinations in the coming months.
There are important updates for organizations on both sides of the Atlantic to implement. This chart outlines the key changes and requirements for U.S. organizations participating in the Data Privacy Framework, whether they are transitioning from the Privacy Shield or newly self-certifying, and for EU, UK, and Swiss organizations transferring data to U.S. organizations, including to U.S. organizations not certified to the Data Privacy Framework.
The IAPP additionally hosts a EU-US Data Privacy Framework resource that stays updated with the latest guidance documents and resources covering what these new rules say, how they work and what comes next as the framework takes effect.
This content is eligible for Continuing Professional Education credits. Please self-submit according to CPE policy guidelines.
Tags:
Related resources
Global AI Governance Law and Policy: Jurisdiction Overviews
US State Privacy Legislation Tracker
Organizational Digital Governance Report 2025
US State Comprehensive Privacy Laws Report
