
Remove any privacy programs the organization is not a member of from the privacy policy.


CONTROL ID
12367
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Corrective

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Define what is included in the privacy policy., CC ID: 00404

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Organisations can receive personal data on the basis of the EU-U.S. DPF from the date they are placed on the DPF list by the DoC. To ensure legal certainty and avoid 'false claims', organisations certifying for the first time are not allowed to publicly refer to their adherence to the Principles bef… (2.3.1 (49), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • Where, on the basis of its ex officio verifications, complaints or any other information, the DoC concludes that an organisation has persistently failed to comply with the Principles it may remove such an organisation from the DPF list. Refusal to comply with a final determination by any privacy sel… (2.4 (79), COMMISSION IMPLEMENTING DECISION of 10.7.2023 pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council on the adequate level of protection of personal data under the EU-US Data Privacy Framework)
  • When an organization leaves the EU-U.S. DPF for any reason, it must remove all statements implying that the organization continues to participate in the EU-U.S. DPF or is entitled to the benefits of the EU-U.S. DPF. The EU-U.S. DPF certification mark, if used, must also be removed. Any misrepresentat… (III.6.h., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • If an organization persistently fails to comply with the Principles, it is no longer entitled to benefit from the EU-U.S. DPF. Organizations that have persistently failed to comply with the Principles will be removed from the Data Privacy Framework List by the Department and must return or delete th… (III.11.g.i., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • An organization must subject to the Principles all personal data received from the EU in reliance on the EU-U.S. DPF. The undertaking to adhere to the Principles is not time-limited in respect of personal data received during the period in which the organization enjoys the benefits of the EU-U.S. DP… (III.6.f., EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When an organization leaves the Privacy Shield for any reason, it must remove all statements implying that the organization continues to participate in the Privacy Shield or is entitled to the benefits of the Privacy Shield. The EU-U.S. Privacy Shield certification mark, if used, must also be remove… (§ III.6.h., EU-U.S. Privacy Shield Framework Principles)
  • An organization must subject to the Privacy Shield Principles all personal data received from the EU in reliance upon the Privacy Shield. The undertaking to adhere to the Privacy Shield Principles is not time-limited in respect of personal data received during the period in which the organization en… (§ III.6.f., EU-U.S. Privacy Shield Framework Principles)
  • An organization must subject to the Principles all personal data received from Switzerland in reliance on the Swiss-U.S. DPF. The undertaking to adhere to the Principles is not time-limited in respect of personal data received during the period in which the organization enjoys the benefits of the Sw… (iii.6.f., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When an organization leaves the Swiss-U.S. DPF for any reason, it must remove all statements implying that the organization continues to participate in the Swiss-U.S. DPF or is entitled to the benefits of the Swiss-U.S. DPF. The Swiss-U.S. DPF certification mark, if used, must also be removed. Any m… (iii.6.h., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • If an organization persistently fails to comply with the Principles, it is no longer entitled to benefit from the Swiss-U.S. DPF. Organizations that have persistently failed to comply with the Principles will be removed from the Data Privacy Framework List by the Department and must return or delete… (iii.11.g.i., SWISS-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • When an organization leaves the EU-U.S. DPF for any reason, it must remove all statements implying that the organization continues to participate in the EU-U.S. DPF or is entitled to the benefits of the EU-U.S. DPF. The EU-U.S. DPF certification mark, if used, must also be removed. Any misrepresentat… (III.6.h., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • If an organization persistently fails to comply with the Principles, it is no longer entitled to benefit from the EU-U.S. DPF. Organizations that have persistently failed to comply with the Principles will be removed from the Data Privacy Framework List by the Department and must return or delete th… (III.11.g.i., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)
  • An organization must subject to the Principles all personal data received from the EU in reliance on the EU-U.S. DPF. The undertaking to adhere to the Principles is not time-limited in respect of personal data received during the period in which the organization enjoys the benefits of the EU-U.S. DP… (III.6.f., UK EXTENSION TO THE EU-U.S. DATA PRIVACY FRAMEWORK PRINCIPLES)