We are pleased to announce that SugarCRM Inc. has successfully certified to the EU-US Data Privacy Framework, the Swiss- US Data Privacy Framework as well as the UK extension.

What is it?

The Data Privacy Framework allows the transfer of personal data to US companies signed up to the Framework.

What does it mean for our customers?

Our customers based in the EU, Switzerland and UK can safely transfer (or allow access to) personal data to Sugar in the US without the need for putting Standard Contractual Clauses in place.

Why is it helpful?

Before the EU Commission adopted its long-awaited adequacy decision on transfers to the US under the EU-US Data Privacy Framework in July 2023, transfers could only be made by using the so called Standard Contractual Clauses (“SCC”). However, signature of the SCCs is not sufficient and where the transfer is based on the SCCs, our customers as controllers must assess the underlying transfer on a case-by-case basis (a “transfer impact assessment”) to determine whether the personal data will be adequately protected and as part of this assessment must consider potential access by law enforcement or national security agencies. This has proved problematic. Conducting these transfer impact assessments requires a great deal of effort and rarely provides a clear conclusion.

By relying on the Data Privacy Framework no transfer impact assessment is required anymore.

Is there a certificate?

There is no “certificate” as such which can be shared, however, there is an official website where our status as active as well as more details on the certification itself can be viewed: https://www.dataprivacyframework.gov/list