Contact us

EU-US Data Privacy Framework Implementation Support

The new EU-US Data Privacy Framework is your fastest, most reliable route to compliant cross-border data transfers but getting it right requires precision. Whether you’re moving from Privacy Shield or certifying for the first time, BH Consulting helps you implement the DPF with clarity, speed, and confidence.
Political building behind a blue world map representing geopolitics

The challenge

Read more

New rules, new risks

The Schrems II judgement invalidated Privacy Shield and highlighted a need to supplement Standard Contractual Clauses (SCCs) with additional measures, if transferring personal data to countries that do not offer “Essentially Equivalent” protection to the EU.The new EU-US Data Privacy Framework (DPF) addresses these concerns by establishing new safeguards and mechanisms for data transfers between the EU and the US.

Implementing the DPF requires significant updates to existing data transfer practices. The transition to the DPF whether privacy certificated to Privacy Shield or this being an initial registration, requires thorough planning and execution.

What is the DPF?

Participation in the Data Privacy Framework (DPF) is the most straightforward, reliable, and cost-effective option for EU-US personal data transfers. As an Adequacy Decision, the DPF allows personal data to be transferred to the US without the need for additional safeguards. This means businesses can transfer data seamlessly, avoiding the need for Standard Contractual Clauses with supplementary measures and transfer impact assessments.

Benefits of DPF verification

1. Privacy-Compliant Data Flows: DPF-verified companies can ensure compliant data transfer mechanisms between the EU, UK, Switzerland and US, facilitating uninterrupted business operations across markets.

2. Reputation and Trust: Public-facing DPF verification signals trust, demonstrating that personal information is handled fairly, lawfully, and transparently. This enhances reputation and trust with trade partners, investors, customers, and regulators, showing a commitment to protecting personal data.

3.Accountability: DPF verification assures consumers and business partners that data transferred to your organisation receives equivalent protection as it does abroad, reducing organisational risk.

European and US flags composed of binary data streams representing cybersecurity
3D Earth model showing night lights on planet surface
3D Earth model showing night lights on planet surface

The service

BH Consulting offers comprehensive support to businesses preparing to register for the new EU-US Data Privacy Framework. Our services are designed to help organisations navigate the complexities of the DPF and ensure compliance with all regulatory requirements.

European flag with American flag texture overlay

Our implementation support services include:

  • Assessment of Current Data Transfers: Evaluating existing data transfer mechanisms to identify areas that require updates or modifications under the new framework.

  • Privacy Policy Updates: Assisting in updating privacy policies to reflect the changes introduced by the DPF, ensuring they accurately represent the organisation’s data transfer practices.

  • Compliance Monitoring: Establishing processes to continuously monitor compliance with the DPF principles and EU GDPR requirements.

  • Training and Awareness: Providing training sessions for staff to ensure they understand the new requirements and how to implement them effectively.

  • Documentation and Reporting: Helping organisations document their compliance efforts and prepare necessary reports for internal stakeholders and regulatory authorities.

BH Consulting assists organisations by:

  • Evaluating Compliance: Conducting thorough reviews of data transfer practices to ensure alignment with the DPF and relevant GDPR provisions.
  • Developing Action Plans: Creating tailored action plans to address any identified gaps and implement necessary changes efficiently.
  • Facilitating Certification: Guiding businesses through the process of certifying their compliance with the DPF, including the submission of necessary documentation to the U.S. Department of Commerce.
  • Implementing Supplementary Measures: Advising on the implementation of additional safeguards for specific types of data transfers to enhance protection and compliance.
  • Self-Certification and Verification Preparation: Assisting organisations that are self-certifying under the DPF, as well as those preparing for external verification, ensuring readiness for audits and reviews.
Smart city connected through a global digital network

Benefits

Ensure Compliance: Align your data transfer practices with the latest EU and US data protection regulations.

Streamline Processes: Establish efficient and compliant data transfer mechanisms that can be maintained and monitored over time.

Mitigate Risks: Identify and address potential risks associated with international data transfers to avoid legal and operational issues.

Enhance Training: Equip your team with the knowledge and skills needed to manage data transfers under the new framework effectively.

Build Trust: Demonstrate your commitment to data protection and compliance to customers and stakeholders.

Testimonials

“We engaged the services of BH Consulting in September to act as our DPO. They have expertly guided us through our GDPR journey, helping us to finalise our requirements to meet the GDPR standards. They have done this in a professional manner all the while aware of our limited time resources. Our DPO Annemarie, understands the way in which we work and has completely adapted her approach to suit our needs. I couldn’t recommend Annemarie and the team at BH consulting highly enough.”

Deirdre Walsh – Compliance Manager & Retail
Jack & Jill Children’s Foundation

“We found BH Consulting to be a huge help in achieving our ISO 27001 certification as they put so much structure on the process and helped us along every step of the way. Their knowledge and guidance the whole way along the journey was reassuring and really made the process seamless and easy to follow and understand. They were there to keep us accountable and ensure we were progressing at our bi-weekly meetings. We would definitely recommend BH Consulting to any organisation thinking of going for ISO 27001 certification and so quickly and cost effectively was a massive relief. The expertise BH Consulting provided to ensure we have a robust GDPR compliance framework in place was great. We would have no hesitation recommending BH Consulting to others in a similar position.”

Guvanch Meredov – Head of Product
MEG

“Make-A-Wish Ireland has been working with BH Consulting for three years and have found them to be incredibly supportive. GDPR can be extremely challenging and yet, for an organisation like ours, it is critical to be on top of everything at all times as we deal with such highly sensitive data. The support we have been given is practical, logical, and most importantly calming. They have demystified the complexities and have done repeated training with our team in order for everyone to be comfortable with all aspects. We would highly recommend any company to work with BH Consulting. A special thanks must go to Tracy Elliott who has worked with us since the start.”

Susan McQuaid O’Dwyer – CEO
Make a Wish Ireland

“BH Consulting have been our CISO since February 2019 and we have found their expertise to be extremely beneficial. They are very accessible when we need them and are very pragmatic in the advice they give. We really like the fact that they are independent and not tied to any vendors or solutions. We have confidence that BH Consulting are there with the right expertise and advice when we need them.”

Derek Wilson – CIO
Origin Enterprises Plc

“BH Consulting provide a reliable and valuable service to our organisation. Their expertise and continued guidance has been a great support to us since the introduction of GDPR.”

Eimear Vellekoop
CarTrawler

Why get in touch with BH Consulting

BH Consulting is a trusted, independent cybersecurity and data protection consultancy with over 20 years of experience. Whether you need expert guidance on compliance, risk management, or security strategy, our team delivers practical, vendor-neutral advice tailored to your needs.

  • Trusted by global brands and public sector bodies
  • ISO 27001-certified team with deep domain expertise
  • Proven track record in delivering real-world solutions
  • Flexible services: CISO/DPO as-a-Service, audits, training & more

Let’s start a conversation about securing your business.

Areas of interest*