The European Commission’s first review into the EU-US DPF adequacy decision has highlighted some key areas of focus for organisations seeking to self-certify or maintain compliance with the framework
Robb Taylor-Hiscock
Privacy Content Lead, CIPP/E, CIPM
November 4, 2024
In 2023, the introduction of the EU-US Data Privacy Framework (EU-US DPF) represented the re-instatement of a crucial mechanism for businesses aiming to transfer personal data from the EU to the US. One year on and the European Commission published its first review into the framework’s adequacy decision concluding that “the necessary structures and procedures to ensure that the Data Privacy Framework functions effectively” are in place. While obtaining certification against the EU-US DPF remains an important step for organizations wanting to transfer personal data across the Atlantic, the Commission’s report has highlighted that maintaining compliance with the framework’s principles is equally essential.
Throughout this blog we’ll explore three important areas of focus for companies looking to self-certify, or maintain compliance, with the EU-US DPF as highlighted by the report. In particular, we’ll look at drafting EU-US DPF compliant privacy policies ready for submitting to the Department of Commerce (DoC) and conducting self-assessments to evaluate whether your organization is effectively meeting the “recourse, enforcement, and liability”, “access”, “choice”, and “accountability for onwards transfer” principles.
As part of its report, the European Commission draws attention to the importance of creating a privacy policy that meets the requirements of the EU-US DPF. A draft privacy policy that satisfies the conditions of the framework is a foundational element of the application and certification process. This draft privacy policy must contain certain information about your data processing operations and is your opportunity to be transparent with individuals about how your company handles their personal information.
When preparing to self-certify with the framework a good starting place is to produce a comprehensive draft privacy policy that details all aspects of data collection, use, storage, and sharing. To comply with the conditions of the EU-US DPF, the draft privacy policy must include specific information relating to:
Download the checklist to understand the steps needed to self-certify and maintain compliance with the EU-US DPF.
The "recourse, enforcement, and liability" principle is designed to provide data subjects with enforceable rights and ensure organizations are equipped with robust mechanisms for handling complaints. Feedback received by the European Commission has brought to light that organizations are turning to self-assessment or external reviews to ensure they’re maintaining compliance with this principle.
This principle requires your organization to provide mechanisms to ensure compliance with the EU-US DPF principles and offer individuals a resolution service to handle complaints about non-compliance. This includes establishing an independent recourse mechanism used to investigate complaints and disputes free of charge. Processes must also be put in place to follow up on your organization’s privacy practices to establish where remedy has been implemented in cases of non-compliance.
A thorough self-assessment is one avenue outlined by the Commission for ensuring your program aligns with the enforcement and liability principle of the EU-US DPF. When approaching a task of this nature you can start by reviewing all internal processes related to complaint handling and ensuring you have proper documentation for dispute resolutions. Regularly audit these procedures to ensure that they work as intended and consider leveraging checklists or compliance management software to track each element of the recourse principle. Moreover, you must verify that the self-assessment has been completed via a statement signed by a corporate officer or other authorized representative of the organization at least once a year and made available upon request by individuals or in the context of an investigation or a complaint about non-compliance.
It’s sensible to regularly consult with privacy experts to confirm your company meets evolving legal standards and with stakeholders from different business functions to ensure that your organization is doing what is says it’s doing.
These principles safeguard individuals’ rights to control their personal data, choose how it's shared, and ensure that third parties respect the same level of protection. As outlined by the Commission’s report, compliance with these principles comes under specific scrutiny from private-sector independent recourse mechanisms (IRMs) to the extent that organizations are subject to audits and random checks against these principles.
Under the EU-US DPF, individuals have the right to access their personal information and the ability to opt out of certain uses of their information. It’s important to understand how your organization grants individuals access to their personal information. To build this understanding you can first seek to implement processes that allow individuals to easily request and receive a copy of the personal data you hold. This could be through an online portal or by email, but the process should be efficient and - as a best practice - easy to navigate. You should then turn your focus to operationalizing effective choice mechanisms, ensuring they are readily available and affordable mechanism for data subjects to exercise their opt-out options, particularly for data sharing or use in secondary functions like marketing. As a best practice, you should also ensure these choices are easily accessible and that users can change their preferences simply.
Onward transfer forms are an important area to consider under the EU-US DPF, especially if you share personal data with third-party service providers. To maintain compliance, it's essential to establish and document proper agreements with these third parties, establishing contracts that specifically reference onward data transfers. Such contracts must ensure that the third party will adhere to the same principles as your organization and those of the framework as well as detailing the security and privacy obligations of the third party. To verify third-party compliance with the framework, clauses should be included in contracts that allow your organization to monitor compliance. This will allow your organization to perform regular audits and ensure continued compliance with the requirements of the onward transfer principle. Your company must have measures in place to terminate relationships with non-compliant vendors swiftly.
The European Commission’s first annual review into the adequacy decision of the EU-US DPF serves as a good reflection point for organizations hoping to self-certify, and for those who are looking to maintain compliance, with the framework. The report has highlighted several areas that should be considered following a year of the framework being in operation based on the findings of its participants, industry groups, and government departments involved in the framework’s implementation and development.
For organizations, focusing on creating a transparent privacy policy, conducting a thorough self-assessment, and ensuring compliance with the access, choice, and onward transfer principles, you will be able meet, maintain, and document some of the key requirements needed for participation in the framework.
OneTrust Privacy Operations features key capabilities that can help you develop, manage, and report on an EU-US DPF compliant privacy program. From privacy notice management to data flow mapping, OneTrust Privacy Operations equips you with the tools needed to streamline your privacy program activities and demonstrate accountability and transparency.
Download the checklist to understand the steps needed to self-certify and maintain compliance with the EU-US DPF or request a demo to speak to one of our experts.
Webinar
In this webinar, DataGuidance privacy analysts will review of privacy enforcement trends in 2024, explore global AI regulations, including the EU AI Act, and discuss global privacy legislation developments in 2024.
Webinar
Join us for a virtual Lunch & Learn session and explore how OneTrust’s Third Party Management solution can streamline your risk management processes.
Webinar
Join OneTrust and PA Consulting as we dive deeper into the key takeaways from the IAPP Europe Data Protection Congress 2024. Our speakers will provide actionable insights from the event on the latest developments in data protection, privacy, and AI.
Webinar
This webinar will explore the key privacy pitfalls organizations face when implementing GenAI, focusing on purpose limitation, data proportionality, and business continuity. Attendees will gain insights into how to navigate these challenges through strong data governance, version control, and detailed model documentation to ensure compliance and mitigate risks.
Webinar
Join our webinar to learn the benefits of automating your PIAs and DPIAs using the OneTrust platform
Webinar
Join us for a global regulatory recap, where we will explore the latest privacy regulations and key developments impacting compliance in 2024 and beyond. This webinar will offer a streamlined analysis of newly adopted privacy laws, emerging AI regulations, and the evolving cyber regulations such as the NIS2 Directive.
Webinar
Learn how OneTrust's Data Subject Rights (DSR) Automation solution can automate DSRs from intake through fulfillment including ID verification, data detection and deletion, redaction, and secure response.
Checklist
The European Commission’s first review of the EU-US DPF highlighted several areas that organizations should focus on when looking to self-certify or maintain compliance with the framework. This checklist helps you monitor compliance and demonstrate accountability with the framework’s principles.
eBook
Explore our guide on Chrome's new privacy approach, covering cookie management changes, consumer behavior, and strategies for advertisers in a cookieless future.
Webinar
In this live demo webinar, we will showcase the advancements in regulatory intelligence embedded within the DataGuidance platform, which offers comprehensive and updated regulatory research across 300+ jurisdictions.
Infographic
The rise in technology development against the backdrop of increased privacy regulation has made responsible data use a crucial consideration for marketing and AI initiatives. Learn how OneTrust and Artefact partner to create and implement strategies for responsible data use.
Video
OneTrust’s privacy platform, powered by Snowflake, ensures secure data sharing and governance, helping organizations manage privacy without compromising collaboration.
Report
Explore key insights from the 2024 Gartner® Market Guide Gartner® Market Guide for Consent and Preference Management.
eBook
Learn how to harness the power of first-party data in digital marketing. Discover strategies to operationalize data, ensure accuracy, and drive decision-making in this comprehensive guide for marketing organizations.
Webinar
Join this webinar to learn how OneTrust helps you automate Data Mapping and Privacy Risk Assessments and how to overcome maintenance challenges.
Report
Download this 2024 Forrester Consulting Total Economic Impact™ study to see how OneTrust has helped organizations navigate data management complexities, generate significant ROI, and enable the responsible use of data and AI.
Report
Learn how a composite organization achieved a 227% return on investment over 3 years and payback in just 7 months by leveraging OneTrust to streamline privacy, data governance, and consent management.
Webinar
Join us for a webinar on the latest updates and emerging trends in global privacy regulations.
eBook
This comprehensive eBook explores the key elements of a GDPR compliance program.
Webinar
Join us for a live demo where we will discuss the advanced capabilities of OneTrust solutions in data privacy enforcement, first-party data collection, and AI innovation.
Webinar
Join DataGuidance and a panel of experts as we discuss US privacy laws the protection of minors' data.
Webinar
Join us for a deep dive tour of our suite of technology solutions for operationalizing and automating CPRA requirements across Do Not Share, Consumer Rights and privacy governance operations.
eBook
Explore the Data Privacy Maturity Model to evolve your data privacy program from compliance-focused to a strategic, value-driven framework.
Webinar
Join us for an in-depth webinar on "Going Beyond CCPA," where we will explore the intricacies of privacy laws, compare major regulations, and provide guidance on enhancing your privacy policy.
Webinar
The EU has adopted several new Cyber Laws that will impact many businesses and will come into force over the next few months (in October in the case of NISD2) and require actions now. Join the webinar to learn about the latest cyber developments.
Webinar
Join us for an insightful webinar on "The Evolution of CCPA" where we will delve into the latest amendments, understand their impact, and explore the new requirements and implications for businesses.
Webinar
Mastering Data Privacy: Expert Guidance on CCPA, CPRA, GDPR Compliance, Privacy Policy Best Practices, and Live Demo Insights
Webinar
Join us on July 17th for a live demo of OneTrust's solutions, providing you with practical tools and strategies to ensure your organization is compliant with both new and existing data privacy laws in the US.
Webinar
Rhode Island has become the 20th US State to pass a privacy law. On June 25, 2024, the Governor of Rhode Island transmitted the Data Transparency and Privacy Protection Act (RIDTPPA) without signature allowing the Act to become law. Join the webinar to learn more.
Webinar
Join DataGuidance and expert contributors for a webinar to unpack the latest developments and regulatory landscapes in the APAC region.
Webinar
Join OneTrust experts to learn about how to enforce responsible use policies and practice “shift-left” AI governance to reduce time-to-market.
Webinar
In this webinar, OneTrust DataGuidance and expert contributors unpack the MCPA and VDPA, examining the requirements, exceptions, and practical implications of the legislations on the data controllers and processors.
Infographic
Build consumer trust with Privacy by Design. Learn how embedding privacy can enhance compliance, security, and brand loyalty with our detailed infographic.
Webinar
Join us for a live demo showcasing the cutting-edge capabilities of OneTrust solutions in the realms of data privacy enforcement, first-party data collection, and AI innovation.
Webinar
Prepare your organization for the new wave of US privacy laws.
eBook
In the ebook, we delve into the fallout from Schrems II and explore how organizations based in Europe can best navigate international data transfers under the GDPR.
Checklist
Download this checklist to learn what questions to ask when designing a third-party risk management program that enables privacy compliance.
Webinar
Learn how to enhance your privacy program maturity to deliver strategic business value with first-party data, create dynamic end-user experiences, and more.
Webinar
Join our panel of experts as we celebrate GDPR Anniversary and take a closer look at the relationship between the GDPR and AI Act.
Webinar
Join our webinar to learn the practical tips and use cases for automating DSAR requests.
Webinar
Join OneTrust and Red Clover to discuss how earning trust is the key strategic objective of a mature data privacy program.
Infographic
Download our infographic and compare the many US state privacy law requirements that have been enacted or will soon come into effect.
Webinar
In this webinar, our panel of experts will explore best practices for managing common complexities experienced when managing DSARs in the EU and UK.
Webinar
Join this webinar with OneTrust and PwC and gain insights into the upcoming NIST CSF update and learn how to effectively deploy it across your organization.
Webinar
Join this session to learn how to take your data privacy program to the next level by building upon your existing capabilities, automating core privacy workflows, and more.
Webinar
Join OneTrust DataGuidance and expert contributors for an overview of the Kentucky Consumer Privacy Act (KCPA), Maryland's Senate Bill 0541, and the draft American Privacy Rights Act and explore how a federal bill could shape the US privacy landscape.
Infographic
View our timeline to understand the progression of current US state privacy laws and key dates.
Video
Explore how OneTrust solutions help you navigate the information lifecycle, ensure compliance, mitigate risks, and enhance data governance practices.
Webinar
See how OneTrust's Privacy & Data Governance Cloud operationalizes regulatory compliance and helps ensure privacy and responsible data use.
Resource Kit
This resource kit offers a range of content to help you understand the concept of Privacy by Design and provide guidance on best practices for its successful implementation.
Interactive Tool
This self-assessment will help you to gauge the maturity of your privacy program and understand the areas the areas of improvement that can further mature your privacy operations.
Webinar
Join this session to learn how to build a strong privacy foundation to achieve your compliance objectives and lay the groundwork for more strategic privacy programs.
Checklist
Self-certify for the EU-US DPF framework and comply with its seven core principles with this checklist.
Webinar
Join us for an interactive webinar we dive into the CPRA, which will go into force on March 29th.
Webinar
Join our webinar for a comprehensive overview of the latest global data privacy regulations and updates impacting businesses in 2024 and how to prepare.
Webinar
Learn the challenges AI technology poses for the (re)insurance industry and gain insights on balancing regulatory compliance with innovation.
Webinar
Watch this session for insights and strategies on buiding a strong data protection program that empowers innovation and strengthens consumer trust.
Webinar
How can you build a privacy-focused TPRM program? In this webinar, we discuss best practices for privacy compliance when working with third parties, from onboarding to offboarding.
Webinar
Get the latest insights from global leaders in cybersecurity managment in this webinar from our Data Protection in Financial Services Week 2024 series.
Webinar
Join the first session for our Data Protection in Financial Services Week 2024 series where we discuss the current state of AI regulations in the EU.
Report
OneTrust has been named a leader in the 2024 KuppingerCole Leadership Compass on Data Governance, receiving the highest rating for Product, Innovation, and Market.
eBook
The EU-US DPF represents an important mechanism for US-based companies to lawfully transfer personal data form the EU to the US. Use this eBook to learn more about how to self-certify with the framework and its seven core principles.
Infographic
OneTrust maintains its leading position in Privacy & Data Governance, with a record number of recognitions in the last six months from KuppingerCole and Forrester
Webinar
Learn about the data privacy maturity model and how your privacy teams can move beyond compliance to become strategic enablers for their business.
eBook
Quebec’s Law 25 is a major legislative development in Canadian privacy that will have a significant effect on IT systems. Learn more about what the CPO wants the CTO to know.
eBook
Data privacy is a journey that has evolved from a regulatory compliance initiative to a customer trust imperative. This eBook provides an in-depth look at the Data Privacy Maturity Model and how the business value of a data privacy program can realised as it matures.
Infographic
See why OneTrust was named a Leader in The Forrester Wave™: Privacy Management Software, Q4 2023 report.
Webinar
oin OneTrust DataGuidance for a webinar highlighting the key requirements within the new US laws, New Jersey Senate Bill 332 and New Hampshire Senate Bill 255.
Webinar
Join our panel of expert privacy professionals as they dissect the key happenings in 2023 and how privacy professionals can approach what may occur in 2024.
eBook
This guide give you a range of information and resources to raise privacy awareness this Data Privacy Day.
Webinar
Join us for a webinar on Embedding Privacy by Design through PIA Automation.
Report
Download the report see why OneTrust is named a leader in The Forrester Wave™: Privacy Management Software, Q4 2023 Report.
Webinar
Learn how Privacy Rights Automation helps to fully automate privacy rights requests.
Infographic
Learn how OneTrust and Europrivacy's partnership can help your organization achieve GDPR compliance and build trust with your customers.
Webinar
Live demo of the OneTrust Privacy Cloud, exploring how to manage Data Transfers, perform TIAs, and enforce consumer opt-out of the sale/share of personal data.
Webinar
Join OneTrust and KPMG webinar to learn more about the top trends from this year’s IAPP Europe DPC.
Webinar
Join us for a webinar as we explore the impending implementation of the Utah Privacy Law, set to take effect on December 31, 2023.
eBook
Whether you’re new to privacy or have been working in the space for some time, it can be a confusing place. In this eBook we explain the basics.
Webinar
Join our experts as we discuss ways to effectively manage data transfers between the UK & EU while staying compliant with the latest privacy regulations.
Infographic
The EU-US Data Privacy Framework is based upon seven core principles that organizations must comply with to certify with the framework.
Webinar
Join our webinar and learn how to save time and streamline third-party risk assessment throughout the TPRM lifecycle.
Webinar
Join OneTrust and KPMG UK to discuss the challenges of employee SARs, managing your breach response with third parties, and incident management.
Webinar
In this webinar, we explore the latest in Privacy by Design standards and how to effectively manage the balance between Privacy and Data Governance.
Webinar
Stay ahead of US privacy laws as we explore the lessons learned from CCPA and FTC enforcement and how AI is effecting the regulatory landscape.
eBook
Understand the importance of data privacy in third-party risk management, and 10 best practices for achieving privacy compliance when working with third parties.
Webinar
A webinar discussion of significant points and implications of the new UK-US Data Bridge.
eBook
Download this ebook to understand the principles of the GDPR, CCPA (as amended), and the EU-US DPF and to compare their similarities and differences.
Webinar
Join OneTrust and PA Consulting as we deep dive into the latest ICO requirements on SARs, handling DSARs, and the benefits of automation.
Infographic
Download our free infographic and get the information you need to understand the EU Data Boundary and how to properly handle data in the European Union.
Webinar
Join OneTrust and PA Consulting as we discuss what makes an effective PIA, best practices, and the benefits of automation.
Webinar
We explore the new Oregon and Delaware privacy laws, how they differ from other US privacy laws, and what they mean for your business.
Webinar
Join OneTrust and panelists from PA Consulting and Syngenta as we explore practical ways to build an effective data mapping program, best practices, and the need for automation.
Webinar
In this webinar, legal experts discuss India's newly enacted comprehensive privacy law, the Digital Personal Data Protection Act, 2023 ('DPDPA')
Infographic
Download this infographic and see the ROI benefits of privacy notice management automation with OneTrust Privacy Notice Management.
Regulation Book
Download the Utah Consumer Privacy Act law book and have the official UCPA text at your fingertips for when the law takes effect on December 31, 2023.
eBook
Download this eBook and get the insights you need to safeguard customer privacy and ensure responsible data use in the information lifecycle.
Blog
Get in-depth analysis on two upcoming US Privacy laws, the Oregon Consumer Privacy Act (OCPA) and the Delaware Personal Data Privacy Act (DPDPA), with OneTrust DataGuidence and a panel of experts.
Resource Kit
Achieve PCI DSS standard compliance with our comprehsive guide to safeguarding your organization's payment card data.
eBook
What you need to know about the new EU-US Data Privacy Framework and international data transfers.
Resource Kit
Download our EU-US Data Privacy Framework resource kit to better understand the new aggreement for cross-border personal data transfers and how to educate your stakeholders.
Webinar
Register for this free webinar to learn how to effectively manage international data transfers in the wake of Schrems II.
Webinar
Join us for an expert panel as we discuss the finalized EU-US Data Policy Framework and what it means for organizations managing international data transfers.
Webinar
Prepare your business for EU AI Act and its impact on the UK with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.
Webinar
In this free webinar, our privacy experts delve into the new Colorado and Connecticut privacy laws and how they differ from other US state regulations.
Webinar
Watch a demo of our Privacy & Data Governance Cloud and discover how to operationalize compliance and enable trusted data use.
Infographic
Download the infographic to learn more about the 6 guiding principles for data responsibility and why it is crucial that you follow them.
eBook
Learn about the seven fundamental principles of Privacy by Design and how to apply them to your business.
Webinar
Join our webinar and learn how to create an effective, privacy-focused third-party risk management (TPRM) program that streamlines recordkeeping and reduces your risk exposure.
Data Sheet
See how OneTrust Certification Automation streamlines PCI DSS compliance by identifying controls and requirements with automation.
Webinar
In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.
Webinar
Join our expert panel where we examine upcoming privacy legislation in Indiana, Montana, Tennessee, and Florida and the key requirements of each law.
Checklist
Prepare for Switzerland’s Revised Federal Act on Data Protection (Revised FADP) when it comes into force on September 1, 2023 with our free compliance checklist.
Webinar
Join our expert webinar as we discuss the Vietnam PDPD, its key requirements, and how your organization should prepare for its July 1, 2023 effective date.
Webinar
In this webinar, we look at the subject of internation data transfers and how to effectively navigate regional laws and mitigate the risk of non-compliance.
Webinar
Join this interactive webinar to learn how OneTrust helps orchestrate data retention and minimization for compliance with US privacy laws.
Webinar
Join us for this webinar as we break down the May 22, 2023 DPC Meta decision and cover the key takaways for EU-US data transfers.
Infographic
Learn how DSAR automation streamlines privacy rights requests and saves your organization time and resources.
Webinar
Join OneTrust and Deloitte Middle East as we cover the latest changes to Saudia Arabia's Personal Data Protection Law (PDPL) and what it means for organizations in the KSA region.
Webinar
Join Sidley and OneTrust DataGuidence as we discuss the proposed EU AI Act, the systems and organizations that it covers, and how to stay ahead of upcoming AI regulations.
Infographic
Download our infographic and learn about the 3 priorities of the French DPO.
Regulation Book
The Colorado Privacy Act (CPA) comes into force on July 1. Get the law's official text right at your fingertips.
eBook
Get the complete text of the Connecticut Data Privacy Act (CTDPA) for your reference.
Report
Read this report from Gartner® that highlights some of the key capabilities needed in a DSPM.
Webinar
Northern Europe panel - Join our panel of experts as they recap the GDPR, its key concepts, and what it means for organizations and compliance.
Webinar
Join our panel of experts as we discuss the impact GDPR had on the tech industry during the past five years, the importance of privacy by design, and what to expect with AI and regulation.
Webinar
Eastern European panel - Watch our webinar as we look back on 5 years of the GDPR, AI, and their impact on Europe, the world, and your organization.
Webinar
In this live webinar, our expert panel examines the first five years of the GDPR, how it changed the healthcare industry, and the changing global regulatory landscape.
Webinar
Join this webinar to learn how OneTrust is enhancing its privacy management, data governance, and consent and preferences solutions to help organizations tackle data sprawl and enable regulatory agility.
Webinar
Join us for a live panel as we discuss GDPR's impact on the retail and eCommerce industry and how companies evolved to meet the global regulatory landscape.
eBook
This eBook covers the fundamental information you need to know in order to get your GDPR compliance program started and how OneTrust helps.
Infographic
Download our infographic to see how the Revised FADP compares with its original version and the GDPR.
Webinar
How has the GDPR affected the financial industry? Join our live panel as we examine how it companies evolved to meet the regulatory challenges and what can be done to stay ahead of the curve.
Webinar
The Washington My Health My Data Act was signed into law on April 27, 2023 and will be enacted the following year. Join OneTrust DataGuidance and a team of legal experts and get the knowledge you need for compliance.
Infographic
Download this infographic to compare provisions in Alberta, British Colombia, and Quebec with those found at a federal level in PIPEDA and those proposed under the Consumer Privacy Protection Act.
Infographic
Download this infographic to learn more about Law 25’s provisions, their effective dates, and what you can do for compliance.
Webinar
Join the Privacy experts at OneTrust for an update on the new law and learn key requirements of Iowa’s new privacy law and more.
Webinar
Join this interactive webinar to learn how OneTrust helps to operationalize employee privacy for the California Privacy Rights Act (CPRA) compliance.
In-Person Event
Join us for a deep dive into embedding privacy by design into the fabric of your business to promote the responsible use of data.
Webinar
This session will cover the regulatory landscape, TIA guidance, and mitigation measures for international data transfers in the wake of the Schrems II case.
In-Person Event
Join this OneTrust live event series, which will address critical topics such as navigating data management, compliance automation and third-party risk.
Webinar
Learn how to balance the intricacies of CPRA, VCDPA, CPA, CTDPA, and UCPA when managing third parties and understanding privacy-related risks.
Webinar
Learn more about the UK's new data protection bill, which introduces changes to build a more business-friendly framework while ensuring data adequacy.
Infographic
The rapid growth of data has increased the risk of data breaches, learn how IT and security teams can secure, monitor, and de-risk that digital information.
Infographic
Businesses at different stages of privacy maturity will need to approach US privacy compliance in different ways. Download the infographic to learn more.
eBook
French DPOs should take three priorities into account when building their data protection and compliance programs and processes in 2023.
Webinar
Get an overview of ISO 31700, learn considerations for implementing a PbD framework for your organization, and a look at our Privacy by Design solutions.
Webinar
This session focuses on emerging issues impacting data privacy and cybersecurity in the insurance and reinsurance industry and its cyber insurance products.
Webinar
This first session will provide a real-time view from the trenches from a globally-recognized leader in cyber operational collaboration and defense.
Webinar
This session will examine some key issues and recent developments on international data transfers with contributions from key EU, UK, and US regulators.
Webinar
Join this interactive webinar to learn how OneTrust Consent and Preferences help to enable consumers to opt-out of third-party trackers.
Report
The Privacy on the horizon: What organizations need to watch in 2023 report highlights the views of privacy experts and industry leaders at OneTrust.
Webinar
Join industry experts at OneTrust & Protiviti for an operational deep dive and interactive Q&A on the upcoming US State laws set to go into effect in 2023.
Checklist
Download this checklist to make sure your organization follows the right steps to implement processes that achieve California Privacy Rights Act compliance.
Webinar
As Quebec Bill 64 - also known as Law 25 - takes effect it's important to have a consent strategy that takes you beyond compliance.
Webinar
This webinar discusses what companies fall within the DSA's scope, key things companies need to know about the DSA and its obligations, and challenges.
eBook
Learn more about the three priorities for managing US privacy requirements, including addressing the most visible aspects of US privacy compliance.
Webinar
We’ll discuss three facets of this problem, such as how to discover, classify and automate your data processes to streamline records of processing activities.
Webinar
Watch this on-demand webinar to get an overview of the CPRA including new obligations for businesses and exemptions for select organizations.
Webinar
Join this webinar to hear from experts at Simmons & Simmons Middle East LLP and OneTrust about practical tips on complying with the UAE PDPL.
Webinar
Learn how InfoSec teams can automate scoping mandatory requirements and streamline generating evidence to prove compliance across ISO.
Webinar
Watch this webinar for an overview of the upcomining Japan APPI amendments and what it means for your organization.
Webinar
Our industry experts discuss what makes Law 25 unique and how the impending changes will influence business decisions across industries in Canada.
Webinar
In this webinar, we provide a live product demonstration to show you how your organization can optimize and scale a third-party risk program.
Webinar
We’ll discuss the 7 core metrics successful third-party risk programs track and how to track them, such as critical metrics to track as your program matures.
Webinar
Watch our webinar, where legal experts from Latham and Watkins LLP discussed an overview of the recently signed Assembly Bill 2273 and its requirements.
Webinar
In this video, you will learn how OneTrust allows you to operationalize in detail the top practical elements of Bill 64 and how to maintain these practices.
Webinar
Learn challenges related to the enforcement of the DMA, such as the interplay between the DMA’s data-related obligations and other regulatory instruments.
Webinar
In this webinar, we will cover data policy requirements across the EU and discuss steps to automate data policy management and operational considerations.
Webinar
Learn how businesses can implement governance policies like retention, minimization, and open access through integrating technologies to minimize risks.
Webinar
Watch this webinar to hear how to leverage third-party risk management workflow creation and maintenance best practices.
Webinar
In this panel discussion, we address critical points such as defining the metrics to track in relation to third parties and their cybersecurity risks.
Webinar
This webinar will cover requirements, governing bodies, enforcement expectations for CPRA, VACDPA, CPA, CTDPA, and UCPA, and updates on the ADPPA.
Webinar
Join this webinar to learn about the rights request fulfillment complexities introduced by the end of the employee exclusion in the CPRA.
Webinar
Join our experts to understand the operational impact of these newly-expanded US consumer rights and how to automate consumer rights request fulfillment.
Webinar
In this webinar, OneTrust experts discuss requirements for conducting PIAs: why they exist, when you should do them, and what they should include.
Regulation Book
Download our Comprehensive US Privacy Law Book to easily refer to the law text from all current regulations in the US privacy landscape, such as the CPRA.
Webinar
In this webinar, we’ll review services providers under the ADPPA and outline how you can ready your third-party risk program to align with privacy regulations.
Webinar
Attend our webinar, "Establishing and enforcing retention policies," part of the US Privacy Laws Masterclass Series.
Webinar
In this webinar, we’ll explore these questions and layout 7 must-know best practices to conduct more meaningful third-party risk assessments.
Webinar
Watch our webinars on the latest privacy laws from Utah and Connecticut and what you need to know to prepare in 2023.
eBook
Download this eBook and explore the key areas of US state privacy laws and how they compare.
Webinar
Join this webinar and learn how to build an Incident Management Playbook to address global privacy incidents.
Webinar
This webinar will discuss best practices for how privacy and security teams can work together to eliminate redundant work, save time, and be more efficient.
Webinar
Watch this webinar to learn how responding to all kinds of incidents big and small creates a culture of trust.
Webinar
Join us for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices
Webinar
Watch this webinar as we discuss the EU's Digital Markets Act (DMA) and the Digital Services Act (DSA) as well as the UK Online Safety Bill (UK OSB)
Webinar
Watch our webinar on Thailand Personal Data Proctection Act (PDPA) and what it means for data processors and controllers.
Webinar
Join OneTrust and Microsoft in this webinar where we discuss our automated tool for processesing DSAR requests.
eBook
Download our guide and learn how automation allows teams to address broader aspects of their privacy programs such as DSARs, incident management, and more.
Resource Kit
These resources provide key information on US privacy law through blogs, webinars, and eBooks.
Webinar
Watch this webinar and see how the COVID-19 pandemic forced companies to accelerate automation and scale their third-party management.
Webinar
Join our UK legal experts as they discuss data subject rights access requests (DSAR) and how automation streamlines fulfilment and protects privacy.
Webinar
As part of our Privacy Automation webinar series, we discuss why it's important to automate DSAR fulfillment and the latest regulatory trends.
Webinar
Watch our masterclass webinar for a deep dive on sensitive personal information (SPI) and best practices for compliance.
Webinar
Watch this webinar to learn about US consumer privacy rights in 2023 and practical steps you can take to make compliance.
Webinar
Watch this webinar and prepare for compliance with the CPRA's employee rights requirements.
Webinar
Attend our webinar, to better understand privacy laws in the US.
Webinar
Watch our webinar as we discuss privacy impact assessments and how they relate to US privacy laws.
Webinar
Watch our US Privacy Law masterclass to learn about opt-out of sales and share requirements and best practices for approaching compliance.
Webinar
As part of our Privacy Automation webinar series, we discuss why it's important to automate DSAR fulfillment and the latest regulatory trends.
Webinar
Join us for this instalment of our Future of Privacy Automation Series for a discussion of the challenges, key components, and building blocks of DSAR automation.
Webinar
In this webinar, learn about the risks of unstructured data and effective strategies in automating discovery.
Webinar
Join CrossCountry Consulting and OneTrust to learn everything you need to get the fundamentals of building a privacy program.
Webinar
Watch our webinar on US privacy laws and gain insight on effective personal information managment strategies.
Webinar
Join LevelUp and OneTrust to learn everything you need to get started in building or improving an existing privacy program.
Webinar
Join Red Clover Advisors and OneTrust to learn everything you need to get the fundamentals of building a privacy program.
Webinar
Watch this free webinar and learn about the recent Austrain DSB ruling on Google Analytics and the implicactions on data transfers under the GDPR.
Webinar
Watch our webinar on global data residency requirements and learn about their implications and challenges.
Webinar
Watch this webinar and learn how to achieve real time visibility into you data and the policies for an effective privacy program.
Infographic
Automate your privacy program and reduce manual inefficiencies
Webinar
Watch this webinar where we discuss the Israel Privacy Protection Bill, its proposed amendments, and what it means for your organization.
Webinar
Join us for an overview of US privacy laws and strategies for dealing with compliance.
Webinar
In this free webinar, learn how to automate the classification and mapping of sensitive data and speed compliance.
eBook
The CPRA enters into effect on Jan 1, 2023 expanding the CCPA's requirements. This eBook outlines the next steps from CCPA to CPRA compliance.
Webinar
Prepare for 2022 Trends in Third-Party Risk Management and future-proof your Third-Party Trust program.
Webinar
In the first part of our US Privacy Series, we discuss US privacy laws such as the CPRA and best practices towards compliance.
Webinar
Watch our webinar on implementing account deletion for iOS apps and best practices.
Checklist
Download the checklist and discover the steps you can take to automate critical processes across your privacy program.
Webinar
Learn the benefits of using Google Consent Mode with the OneTrust CMP (Cookie Consent) to balance compliance and marketing objectives.
Webinar
Watch this webinar to learn about Global Privacy Control (GPC), how it centralizes user opt-out preferences, and streamlines compliance with CCPA and CPRA.
Webinar
As organizations become more data-driven, one of their biggest challenges is managing data retention strategies.
Webinar
Prepare for privacy and security incidents by building an incident management playbook.
Infographic
Download this infographic comparing the Virginia CDPA to the California CCPA.
Webinar
Join the OneTrust DataGuidance privacy analyst team for a deep-dive webinar examining Japan's APPI and what it means for organizations.
Webinar
Access this free webinar to learn how to be a trusted vendor.
Webinar
Join this webinar to hear more about the UK Adequacy Decision and what it means for data flows between the UK and the EU.
eBook
Download the Ultimate Guide to Privacy Management to understand the major factors that contribute to a privacy management program.
Video
Watch this demo video to learn how OneTrust Consent and Preference Management Cloud streamlines the consent lifecycle and accelerates fulfillment.
White Paper
Download our white paper and learn about OneTrust's Privacy Governance Framework and how it can serve as a blueprint for your privacy program.
Webinar
Join this US Privacy Masterclass series as we delve into the evolving US privacy landscape and how you can build a trust-based privacy program in 2023.
Webinar
Watch the OneTrust US Privacy Masterclass series and gain insight on the major US privacy law and best practices.
Webinar
Join OneTrust and expert speakers from PA Consulting for a webinar series discussing the need-to-knows for creating a successful privacy management program in your organization.
Webinar
Learn how to mature your data privacy program beyond reactive compliance to become a strategic enabler for your business.
Webinar
OneTrust DataGuidance and Sidley are joined by industry experts for the annual Data Protection in Financial Services Week.
Webinar
Join our webinar to learn how to effectively manage DSARs and comply with Quebec's Law 25, ensuring your organization meets customer and regulatory expectations.