The Data Privacy Framework (DPF) Program is a new initiative that aims to improve the way personal data is transferred between the European Union (EU), United Kingdom (UK), Switzerland, and the United States. It replaces the EU-US Privacy Shield, which was invalidated by the EU Court of Justice. The main goal of the DPF is to protect the fundamental rights of EU citizens whose data is shared across the Atlantic.
SkyKick values its Partners and Customers, and most of all, their trust. SkyKick remains committed to complying with EU data protection laws and respecting the rights of the individuals whose data it handles. And the DPF is an important instrument for this, but SkyKick believes it is not enough on its own. Data protection laws are constantly changing, and there is some uncertainty when it comes to the longevity of the DPF.
This is why SkyKick has adopted a comprehensive and wholistic approach, supported by strong technical, organizational, and legal measures to protect the personal data of our Partners and Customers in the EU/EEA, the United Kingdom and Switzerland. These include the continued use of the Standard Contractual Clauses, the Data Pro Statement, and independent compliance audits. Extending SkyKick’s commitment to data security and privacy beyond merely the regulatory requirements.
To ensure and demonstrate the level of security SkyKick Partners and Customer can expect when data is transferred from the EU/EEA to the United States, SkyKick holds certifications that show that the controls not only meet but surpass the GDPR requirements. These include an ISO 27001 certificate for cybersecurity, an ISO 27701 certificate for data privacy, and Data Pro certificate for compliance with the GDPR. These certifications combined encompass the diverse facets of information security, privacy management, and data processing in the most comprehensive way.
And in partnership with the attorneys from the renowned law firm BarentsKrans SkyKick also provides a legal review of all these measures in light of the DPF. You can download a copy of the full legal assessment by BarentsKrans here:
With these certifications and external assessments, SkyKick continues to show its commitment to industry best practices and standards, underscoring its continual pursuit of performance enhancement and assurances for the protection of data subject rights.
With the implementation of the DPF SkyKick has also revised its Data Processing Addendum and Privacy Notice providing for the required independent arbitration where needed.
Additionally, SkyKick empowers its Partners and Customers with robust tools such as SkyKick Cloud Backup for Microsoft 365, SkyKick Security Manager, and SecurityRadar™. Core services which facilitate effective compliance of Customers with the EU’s Directive on Security of Network and Information Systems (NIS2) and the GDPR.
The NIS2 directive, aimed at bolstering the resilience and security of critical network and information systems, places stringent obligations on operators of essential services, cloud service providers and digital service providers. By utilizing SkyKick’s suite of products, its Partners and Customers can navigate NIS2 compliance with ease and efficacy, setting them apart in meeting these rigorous obligations.
In summation, the introduction of the DPF and NIS2 present further important advancements in the realm of international data transfers, cybersecurity and data protection
SkyKick’s approach remains thoughtful and future proof by eliminating the possible future legal challenges as with Privacy Shield. So that SkyKick remains your steadfast and trusted partner in securing your data, staying adaptable to regulatory shifts, and continuously upholding the highest standards of data privacy and security.
***