The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

A recent decision by the European Commission should make data transit from the EU to the US simpler.
July 18, 2023

Since GDPR came into effect in 2018, data movement between the EU and other countries like the United States has become more complicated due to the expanded consumer protections required of all organizations. On July 10, 2023, the European Commission announced an adequacy decision for the United States regarding the EU-U.S. Data Privacy Framework. Article 45(3) of GDPR grants the European Commission authority to determine whether non-EU countries ensure an “adequate level of protection” – i.e. a level of protection that is functionally equivalent to the prevailing standards set by GDPR in the EU.

The recent decision means that the European Commission considers protections offered by the EU-U.S. Data Privacy Framework to be compliant with GDPR for the purposes of data flows from the European Union to the United States, specifically regarding the handling of data of EU-based users by US-based entities. This makes it more straightforward for global enterprises to move and use their data internationally. 

In addition to affirming GDPR compliance, the EU-U.S. Data Privacy Framework (DPF) also allows EU individuals to seek legal redress in suspected cases of data mishandling by US-based entities through a Data Protection Review Court, established through Executive Order 14086. As U.S. companies need to meet the enhanced data privacy guidelines outlined in GDPR, data security and protection will become even more important. 

Furthermore, the US International Trade Administration has advised that all organizations that are currently self-certified under the old EU-US Privacy Shield standard can automatically transition (beginning July 17, 2023) to the EU-U.S. Data Privacy Framework, provided their privacy policies are updated accordingly and they comply with the DPF standards. Non-EU countries in Europe (Switzerland, UK, Norway) also intend to participate in DPF, and adequacy decisions from the respective authorities are expected to be imminent. For the UK-US and Swiss-US DPFs, there will likewise be automatic transitions for organizations previously certified under Privacy Shield. As companies look to switch to this new framework companies will need comprehensive data governance and lineage to track and catalog data.

How Fivetran handles data security and what this means for you

We have long observed the prevailing legal and regulatory requirements established by GDPR and all Fivetran services are GDPR-compliant. We were certified under Privacy Shield when it was active, and will accordingly be transitioning to the new Data Privacy Framework.

GDPR protects eight core rights:

  • The right to access
  • The right to be informed
  • The right to data portability
  • The right to be forgotten
  • The right to object
  • The right to restrict processing
  • The right to be notified
  • The right to rectification

Fivetran serves these needs using:

  • Column-level hashing and blocking to obscure PII, either by encrypting it or categorically excluding it from sensitive environments, respectively
  • Metadata logging to ensure visibility into the full provenance of all data assets

In addition, Fivetran supports data residency across a wide range of regions and clouds, with a choice of over 20 major cloud regions worldwide, across North America, Europe, Asia and the Pacific. We also support geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking through services such as PrivateLink. We are continually investing in areas of data security and governance to ensure your most critical and sensitive business data is protected.

Fivetran users who depend on data movement across the Atlantic, such as Lufthansa, GroupM and DPDgroup can continue to sync their data with confidence. To see for yourself how it works, consider booking a demo.

[CTA_MODULE]

Commencer gratuitement

Rejoignez les milliers d’entreprises qui utilisent Fivetran pour centraliser et transformer leur data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Data insights
Data insights

The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

The EU-U.S. Data Privacy Framework and how it affects data governance (and you)

July 18, 2023
July 18, 2023
The EU-U.S. Data Privacy Framework and how it affects data governance (and you)
A recent decision by the European Commission should make data transit from the EU to the US simpler.

Since GDPR came into effect in 2018, data movement between the EU and other countries like the United States has become more complicated due to the expanded consumer protections required of all organizations. On July 10, 2023, the European Commission announced an adequacy decision for the United States regarding the EU-U.S. Data Privacy Framework. Article 45(3) of GDPR grants the European Commission authority to determine whether non-EU countries ensure an “adequate level of protection” – i.e. a level of protection that is functionally equivalent to the prevailing standards set by GDPR in the EU.

The recent decision means that the European Commission considers protections offered by the EU-U.S. Data Privacy Framework to be compliant with GDPR for the purposes of data flows from the European Union to the United States, specifically regarding the handling of data of EU-based users by US-based entities. This makes it more straightforward for global enterprises to move and use their data internationally. 

In addition to affirming GDPR compliance, the EU-U.S. Data Privacy Framework (DPF) also allows EU individuals to seek legal redress in suspected cases of data mishandling by US-based entities through a Data Protection Review Court, established through Executive Order 14086. As U.S. companies need to meet the enhanced data privacy guidelines outlined in GDPR, data security and protection will become even more important. 

Furthermore, the US International Trade Administration has advised that all organizations that are currently self-certified under the old EU-US Privacy Shield standard can automatically transition (beginning July 17, 2023) to the EU-U.S. Data Privacy Framework, provided their privacy policies are updated accordingly and they comply with the DPF standards. Non-EU countries in Europe (Switzerland, UK, Norway) also intend to participate in DPF, and adequacy decisions from the respective authorities are expected to be imminent. For the UK-US and Swiss-US DPFs, there will likewise be automatic transitions for organizations previously certified under Privacy Shield. As companies look to switch to this new framework companies will need comprehensive data governance and lineage to track and catalog data.

How Fivetran handles data security and what this means for you

We have long observed the prevailing legal and regulatory requirements established by GDPR and all Fivetran services are GDPR-compliant. We were certified under Privacy Shield when it was active, and will accordingly be transitioning to the new Data Privacy Framework.

GDPR protects eight core rights:

  • The right to access
  • The right to be informed
  • The right to data portability
  • The right to be forgotten
  • The right to object
  • The right to restrict processing
  • The right to be notified
  • The right to rectification

Fivetran serves these needs using:

  • Column-level hashing and blocking to obscure PII, either by encrypting it or categorically excluding it from sensitive environments, respectively
  • Metadata logging to ensure visibility into the full provenance of all data assets

In addition, Fivetran supports data residency across a wide range of regions and clouds, with a choice of over 20 major cloud regions worldwide, across North America, Europe, Asia and the Pacific. We also support geographically bounded access, in which there is no data sent out of a designated cloud region without your permission, as well as private networking through services such as PrivateLink. We are continually investing in areas of data security and governance to ensure your most critical and sensitive business data is protected.

Fivetran users who depend on data movement across the Atlantic, such as Lufthansa, GroupM and DPDgroup can continue to sync their data with confidence. To see for yourself how it works, consider booking a demo.

[CTA_MODULE]

Read the Fivetran security whitepaper to learn more details about how Fivetran handles security and compliance with GDPR
Read me
Topics
Share

Articles associés

How Fivetran Helps You Stay Compliant With GDPR
Product

How Fivetran Helps You Stay Compliant With GDPR

Lire l’article
GDPR Compliance Is Now Easier With Column Blocking
Product

GDPR Compliance Is Now Easier With Column Blocking

Lire l’article
Fivetran Now Compliant With European Union’s GDPR Privacy Law
Product

Fivetran Now Compliant With European Union’s GDPR Privacy Law

Lire l’article
Leaky data pipelines: Uncovering the hidden security risks
Blog

Leaky data pipelines: Uncovering the hidden security risks

Lire l’article
Navigating data lake challenges: Governance, security and automation
Blog

Navigating data lake challenges: Governance, security and automation

Lire l’article
The importance of data governance and security for AI readiness
Blog

The importance of data governance and security for AI readiness

Lire l’article
Leaky data pipelines: Uncovering the hidden security risks
Blog

Leaky data pipelines: Uncovering the hidden security risks

Lire l’article
Navigating data lake challenges: Governance, security and automation
Blog

Navigating data lake challenges: Governance, security and automation

Lire l’article
The importance of data governance and security for AI readiness
Blog

The importance of data governance and security for AI readiness

Lire l’article

Commencer gratuitement

Rejoignez les milliers d’entreprises qui utilisent Fivetran pour centraliser et transformer leur data.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.