In order to participate in the EU–U.S. Data Privacy Framework (DPF) and, as applicable, the UK Extension to the EU–U.S. DPF, and/or the Swiss-U.S. DPF an organization must:
(a) be subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC), the Department of Transportation (DOT), or another statutory body that will effectively ensure compliance with the Principles;
(b) publicly declare its commitment to comply with the Principles;
(c) publicly disclose its privacy policies in line with the Principles; and
(d) fully implement them.
To join the Insights Association Data Privacy Framework (DPF) Services Program:
1. Complete the program application here
A. Program fees include:
- The annual payment to the Insights Association as your designated Independent Recourse Mechanism (completed during your application to the program). This fee is tiered and based on your company’s annual revenue.
- The Insights Association will complete the AAA\ICDR registration and payment on your company’s behalf.
- During your DPF self-certification application, it is the member company’s responsibility to pay the program fee directly to the Department of Commerce. This fee is outside of the Insights Association annual program fee.
- Upon submission of your DPF application, it is the member company’s responsibility to pay into the Arbitral Fund. This fee is outside of the Insights Association annual program fee. More information, and the payment portal, can be found here: https://go.adr.org/dpf-annexi-fund.html
- Organizations that either choose to utilize the EU DPAs with regard to all data or must utilize the EU DPAs with regard to HR data are required to pay an annual fee of US $50 in order to cover the operating costs of the EU DPA panel. This fee is outside of the Insights Association annual program fee. This fee is payable to the United States Council for International Business (USCIB), which has agreed to act as a trusted third party for this purpose. The fee can be paid online here. No fee is required with respect to the Swiss Data Protection and Information Commissioner. Additional guidance on the handling of human resources data under the Framework is provided in Supplemental Principle 9 (Human Resources Data).
2. Upon receipt of your application you will receive an e-mail from the Insights Association detailing your next steps which include:
A. Signing and returning the Insights Association DPF participation agreement.
B. Submitting a draft of your privacy policy for review – a checklist will be provided to ensure your privacy policy contains all of the requirements of the DPF Program.
3. Once your signed participation agreement is received and your privacy policy meets the DPF requirements you will be accepted in the Insights Association DPF Program and instructed to register and self-certify with the Department of Commerce at www.dataprivacyframework.gov.
A. DPF reviewers may request proof that all associated fees have been paid. The Insights Association will supply you with the receipts for your annual program fee and the AAA/ICDR registration fee. All other required program payments – the DPF Department of Commerce application fee and the contribution to the Arbitral Fund – are completed by the member company and should be retained for your records.
Please contact Juliana Wood, Director of Certifications, with any questions.