The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

A recent decision by the European Commission should make data transit from the EU to the US simpler.
July 18, 2023

Since GDPR came into effect in 2018, data movement between the EU and other countries like the United States has become more complicated due to the expanded consumer protections required of all organizations. On July 10, 2023, the European Commission announced an adequacy decision for the United States regarding the EU-U.S. Data Privacy Framework. Article 45(3) of GDPR grants the European Commission authority to determine whether non-EU countries ensure an “adequate level of protection” – i.e. a level of protection that is functionally equivalent to the prevailing standards set by GDPR in the EU.

The recent decision means that the European Commission considers protections offered by the EU-U.S. Data Privacy Framework to be compliant with GDPR for the purposes of data flows from the European Union to the United States, specifically regarding the handling of data of EU-based users by US-based entities. This makes it more straightforward for global enterprises to move and use their data internationally. 

In addition to affirming GDPR compliance, the EU-U.S. Data Privacy Framework (DPF) also allows EU individuals to seek legal redress in suspected cases of data mishandling by US-based entities through a Data Protection Review Court, established through Executive Order 14086. As U.S. companies need to meet the enhanced data privacy guidelines outlined in GDPR, data security and protection will become even more important. 

Furthermore, the US International Trade Administration has advised that all organizations that are currently self-certified under the old EU-US Privacy Shield standard can automatically transition (beginning July 17, 2023) to the EU-U.S. Data Privacy Framework, provided their privacy policies are updated accordingly and they comply with the DPF standards. Non-EU countries in Europe (Switzerland, UK, Norway) also intend to participate in DPF, and adequacy decisions from the respective authorities are expected to be imminent. For the UK-US and Swiss-US DPFs, there will likewise be automatic transitions for organizations previously certified under Privacy Shield. As companies look to switch to this new framework companies will need comprehensive data governance and lineage to track and catalog data.

How Fivetran handles data security and what this means for you

We have long observed the prevailing legal and regulatory requirements established by GDPR and all Fivetran services are GDPR-compliant. We were certified under Privacy Shield when it was active, and will accordingly be transitioning to the new Data Privacy Framework.

GDPR protects eight core rights:

  • The right to access
  • The right to be informed
  • The right to data portability
  • The right to be forgotten
  • The right to object
  • The right to restrict processing
  • The right to be notified
  • The right to rectification

Fivetran serves these needs using:

  • Column-level hashing and blocking to obscure PII, either by encrypting it or categorically excluding it from sensitive environments, respectively
  • Metadata logging to ensure visibility into the full provenance of all data assets

In addition, Fivetran supports data residency across a wide range of regions and clouds, with a choice of over 20 major cloud regions worldwide, across North America, Europe, Asia and the Pacific. We also support geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking through services such as PrivateLink. We are continually investing in areas of data security and governance to ensure your most critical and sensitive business data is protected.

Fivetran users who depend on data movement across the Atlantic, such as Lufthansa, GroupM and DPDgroup can continue to sync their data with confidence. To see for yourself how it works, consider booking a demo.

[CTA_MODULE]

Kostenlos starten

Schließen auch Sie sich den Tausenden von Unternehmen an, die ihre Daten mithilfe von Fivetran zentralisieren und transformieren.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Data insights
Data insights

The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

July 18, 2023
July 18, 2023
The EU-U.S. Data Privacy Framework and how it affects data governance (and you)
A recent decision by the European Commission should make data transit from the EU to the US simpler.

Since GDPR came into effect in 2018, data movement between the EU and other countries like the United States has become more complicated due to the expanded consumer protections required of all organizations. On July 10, 2023, the European Commission announced an adequacy decision for the United States regarding the EU-U.S. Data Privacy Framework. Article 45(3) of GDPR grants the European Commission authority to determine whether non-EU countries ensure an “adequate level of protection” – i.e. a level of protection that is functionally equivalent to the prevailing standards set by GDPR in the EU.

The recent decision means that the European Commission considers protections offered by the EU-U.S. Data Privacy Framework to be compliant with GDPR for the purposes of data flows from the European Union to the United States, specifically regarding the handling of data of EU-based users by US-based entities. This makes it more straightforward for global enterprises to move and use their data internationally. 

In addition to affirming GDPR compliance, the EU-U.S. Data Privacy Framework (DPF) also allows EU individuals to seek legal redress in suspected cases of data mishandling by US-based entities through a Data Protection Review Court, established through Executive Order 14086. As U.S. companies need to meet the enhanced data privacy guidelines outlined in GDPR, data security and protection will become even more important. 

Furthermore, the US International Trade Administration has advised that all organizations that are currently self-certified under the old EU-US Privacy Shield standard can automatically transition (beginning July 17, 2023) to the EU-U.S. Data Privacy Framework, provided their privacy policies are updated accordingly and they comply with the DPF standards. Non-EU countries in Europe (Switzerland, UK, Norway) also intend to participate in DPF, and adequacy decisions from the respective authorities are expected to be imminent. For the UK-US and Swiss-US DPFs, there will likewise be automatic transitions for organizations previously certified under Privacy Shield. As companies look to switch to this new framework companies will need comprehensive data governance and lineage to track and catalog data.

How Fivetran handles data security and what this means for you

We have long observed the prevailing legal and regulatory requirements established by GDPR and all Fivetran services are GDPR-compliant. We were certified under Privacy Shield when it was active, and will accordingly be transitioning to the new Data Privacy Framework.

GDPR protects eight core rights:

  • The right to access
  • The right to be informed
  • The right to data portability
  • The right to be forgotten
  • The right to object
  • The right to restrict processing
  • The right to be notified
  • The right to rectification

Fivetran serves these needs using:

  • Column-level hashing and blocking to obscure PII, either by encrypting it or categorically excluding it from sensitive environments, respectively
  • Metadata logging to ensure visibility into the full provenance of all data assets

In addition, Fivetran supports data residency across a wide range of regions and clouds, with a choice of over 20 major cloud regions worldwide, across North America, Europe, Asia and the Pacific. We also support geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking through services such as PrivateLink. We are continually investing in areas of data security and governance to ensure your most critical and sensitive business data is protected.

Fivetran users who depend on data movement across the Atlantic, such as Lufthansa, GroupM and DPDgroup can continue to sync their data with confidence. To see for yourself how it works, consider booking a demo.

[CTA_MODULE]

Read the Fivetran security whitepaper to learn more details about how Fivetran handles security and compliance with GDPR
Read me
Topics
Share

Verwandte Beiträge

How Fivetran Helps You Stay Compliant With GDPR
Product

How Fivetran Helps You Stay Compliant With GDPR

Beitrag lesen
GDPR Compliance Is Now Easier With Column Blocking
Product

GDPR Compliance Is Now Easier With Column Blocking

Beitrag lesen
Fivetran Now Compliant With European Union’s GDPR Privacy Law
Product

Fivetran Now Compliant With European Union’s GDPR Privacy Law

Beitrag lesen
No items found.
Announcing Fivetran Managed Data Lake Service
Blog

Announcing Fivetran Managed Data Lake Service

Beitrag lesen
Fivetran Product Update: June 2024
Blog

Fivetran Product Update: June 2024

Beitrag lesen
Implementing a data fabric: From silos to insights
Blog

Implementing a data fabric: From silos to insights

Beitrag lesen

Kostenlos starten

Schließen auch Sie sich den Tausenden von Unternehmen an, die ihre Daten mithilfe von Fivetran zentralisieren und transformieren.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.