Proudly announcing Platform.sh's participation in the Data Privacy Framework (DPF)

As individuals become increasingly conscious of their personal data and how it is used, compliance with data protection regulations is a top priority for organizations worldwide. However, a challenge arose with cross-border transfers of personal data between the EU and the US following the Schrems II ruling by the Court of Justice of the European Union, leading to the creation of a new privacy framework.

The EU-US Data Privacy Framework (DPF)—together with the UK Extension and the Swiss-US Data Privacy Framework— was developed to facilitate transatlantic commerce. These approved certification mechanisms enable US organizations to transfer EU personal data—including the UK and Switzerland—to the United States in a privacy-protected way consistent with EU law. On 18 December 2023 Platform.sh became officially DPF-certified and we will renew our certification annually.

To gain certification, participating organizations must self-certify that they provide “adequate” data protection. This is achieved by implementing appropriate safeguards to protect data from loss, misuse, and unauthorized access and by adhering to the DPF Principles. The DPF Principles lay out a set of requirements governing participating organizations' use and treatment of personal data received from the European Union, the UK, and Switzerland. Such as by providing individuals with a notice disclosing:

• The types of personal data collected and, where applicable, the US entities or subsidiaries of the organization also adhering to the Principles
• The purposes for which it collects and uses personal information about them
• The individuals’ rights to access their personal data
• The possibility, under certain conditions, for the individual to invoke binding arbitration

You can learn more about the specific requirements of the DPF here. For more information on how Platform. sh complies, please see our Data Privacy Framework Notice.