Published: August 2023Click To View (PDF)

On 10 July 2023, the EU adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision states the U.S. must ensure an adequate level of protection for personal data transferred from the European Economic Area to U.S. companies participating in the EU-U.S. Data Privacy Framework. The U.K. and Switzerland are expected to finalize similar determinations in the coming months.

There are important updates for organizations on both sides of the Atlantic to implement. This chart outlines the key changes and requirements for U.S. organizations participating in the Data Privacy Framework, whether they are transitioning from the Privacy Shield or newly self-certifying, and for EU organizations transferring data to U.S. organizations, including to U.S. organizations not certified to the Data Privacy Framework.

The IAPP additionally hosts an International Data Transfers topic page in the Resource Center, and an EU-US Data Privacy Framework resource that stays updated with the latest guidance documents and resources covering what these new rules say, how they work and what comes next as the framework takes effect.