ExtensisHR Is Now Certified Under the EU-U.S. Data Privacy Framework (DPF)
Quick look: Maintaining confidentiality and security for sensitive data is essential for HR. The standards are rightfully set high for businesses entrusting their information to their professional employer organization (PEO). ExtensisHR doesn’t take this responsibility lightly and continuously seeks out ways to show its commitment to excellence for its customers. It has now added yet another level of security with its recent EU-U.S. Data Privacy Framework (DPF) certification.
U.S. organizations can self-certify their public compliance with the DPF principles, and as of August 2024, ExtensisHR’s certification application was approved under the EU-U.S. Data Privacy Framework (DPF). This program was launched last year by the International Trade Administration (ITA) within the U.S. Department of Commerce and was developed to provide “U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union.”
The DPF is particularly valuable for small- and medium-sized businesses (SMBs): it allows access to affordable, streamlined personal data transfers from the European Economic Area, which is made up of EU countries plus Iceland, Liechtenstein, and Norway, and it provides safeguards and adequate levels of protection.
As per the requirements to designate a European representative, ExtensisHR is in partnership with the European Data Protection Office (EDPO) and received a notification of compliance per Article 27 of the General Data Protection Regulation (GDPR).
This certification marks another significant milestone in ExtensisHR’s commitment to data privacy and security for its clients and positions our PEO services to expand into the global market supported by the highest global data privacy standards.
Defending the principles of data security
In a time when data sharing is a regular concern for companies, having the assurance of federally authorized certification is impactful when delivering HR services and support. In compliance with DPF principles, ExtensisHR’s privacy policy includes enforceable protection under U.S. law, such as:
Data Transparency
ExtensisHR maintains transparency with direct links to the Department of Commerce’s DPF website and independent dispute resolution resources. It also shares information on the purpose of collecting and using personal information, and the type or identity of third parties to which it discloses personal information.
Individuals’ Rights
As an addition to data privacy transparency, the DPF principles require informing individuals about their data rights, including personal data, lawful disclosure requirements, and accountability in onward data transfers.
Free and Accessible Dispute Resolution
For quick and effective complaint resolution, ExtensisHR is dedicated to a streamlined process and response time within 45 days with free access provided to independent recourse mechanisms. For any unresolved issues, there’s the possibility for individuals to invoke binding arbitration, depending on certain conditions.
Data Integrity and Ongoing Compliance
To ensure customer data is handled with care, personal information is processed in a manner relevant to its intended purposes, and ExtensisHR maintains accountability when sharing data with third parties. Furthermore, the DPF certification requires proactive cooperation and transparency with the U.S. Department of Commerce for the retention of any data.
Though this is an abbreviated overview of the complete EU-U.S. Data Privacy Framework Principles, of which the entirety is lengthy and complex, ExtensisHR abides by and upholds all requirements per the privacy principles.
Rely on ExtensisHR’s certified HR professionals
The DPF certification is the latest addition to the list of credentials ExtensisHR already maintains. Our HR professionals are SHRM-certified, and as a PEO, we have achieved Certified Professional Employer Organization (CPEO) status. This aligns with the highest regulatory standards set by the U.S. government and the industry’s financial assurance program.
The CPEO designation is in addition to Employer Service Assurance Corporation (ESAC) accreditation and recognition from the Certification Institute (CI) for meeting all industry professional risk management best practices, making us part of the 1% of PEOs with all three credentials.
There are several moving parts to HR, and it starts with safeguarding work environments and data. ExtensisHR delivers access to Fortune 500-level benefits, as well as a full suite of HR, payroll, and risk management services across all 50 states, the U.S. Virgin Islands, and Puerto Rico. As we continue to expand, SMB leaders can rest assured we’ll have the proper data privacy principles in place.
For more information about the DPF and how ExtensisHR’s PEO solution can help you securely grow your business, contact our team today.