Compliance Review Questionnaire

Self-Certifications under the Data Privacy Framework Program

instr_DPF compliance qnr_06-01-23_clean

OMB: 0625-0280

Document [pdf]
Download: pdf | pdf
A Federal agency may not conduct or sponsor an information collection subject to the requirements of the Paperwork Reduction Act of 1995
unless the information collection has a currently valid OMB Control Number. The approved OMB Control Number for this information collection
is 06XX-XXXX (expires MM/DD/YYYY). Without this approval, we could not conduct this information collection. Public reporting for this
information collection is estimated to be approximately 75 minutes per response, including the time for reviewing instructions, searching
existing data sources, gathering and maintaining the data needed, and completing and reviewing the information collection. All responses to
this information collection are voluntary. Send comments regarding this burden estimate or any other aspect of this information collection,
including suggestions for reducing this burden to ITA Paperwork Reduction Act Officer at [email protected].

You are receiving a compliance review questionnaire in connection with your organization's participation in the EU-U.S. Data
Privacy Framework (EU-U.S. DPF) and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. Data Privacy
Framework (Swiss-U.S. DPF).  Under the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the SwissU.S. DPF, the U.S. Department of Commerce's International Trade Administration (ITA) monitors effective compliance, including 
through sending questionnaires to participating organizations, to identify issues that may warrant further follow‐up action.  In 
particular, such compliance reviews shall take place when: (a) the Department has received specific, non‐frivolous complaints
about an organization’s compliance with the DPF Principles, (b) an organization does not respond satisfactorily to inquiries by 
the Department for information relating to the relevant part(s) of the DPF program, or (c) there is credible information that an
organization does not comply with its commitments under the relevant part(s) of the DPF program.
Failure to respond to this request within 30 days may be subject to enforcement action by the Federal Trade Commission, the
U.S. Department of Transportation, or other enforcement authorities.

Compliance Review Questionnaire 
1) Please confirm that: (i) you are authorized to make representations on behalf of your organization
and its covered U.S. entities and U.S. subsidiaries regarding its adherence to the DPF Principles; (ii)
the information submitted to the U.S. Department of Commerce for purposes of self‐certification,
including with regard to personal data received in reliance on its participation in the relevant part(s)
of the DPF program, is accurate and correct; (iii) you understand that misrepresentations in any
information provided to the Department may be actionable under the False Statements Act,
18 U.S.C. § 1001; and (iv) you understand that failure to adhere to the DPF Principles with regard to
such personal data may lead to enforcement actions by the relevant enforcement authority.

2) Please provide the following information concerning the organization that self‐certified its adherence 
to the DPF Principles:
a. Organization Name;
b. Organization Contact (the individual and/or office within your organization handling
complaints, access requests, and any other issues concerning your organization’s compliance
with the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the
Swiss-U.S. DPF);

i.

Name;

ii.

Job title;

iii.

Phone number; and

iv.

E‐mail address

c. Organization Corporate Officer (the individual certifying your organization’s compliance
with the the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or
the Swiss-U.S. DPF);

d.

i.

Name;

ii.

Job title;

iii.

Phone number; and

iv.

E‐mail address

Mailing Address

You are receiving this questionnaire with regard to the following matter: 

3) Has the organization received any individual complaints regarding the matter described above? If it
has, please describe when any such complaint was received, how it was handled and the outcome, and
provide any relevant documentation.
No

4) Has this matter been presented to an alternative dispute resolution provider, an EU data protection
authority (DPA), the UK Information Commissioner's Office (ICO), and/or the Swiss Federal Data
Protection and Information Commissioner (FDPIC)? If it has, please describe when it was presented and
the outcome, and provide any relevant documentation.
No

5) Has the organization otherwise reviewed this matter?  If it has, please describe when any such
review was conducted and the outcome, and provide any relevant documentation
No

6) [Potential additional organization or issue‐specific questions, if appropriate.]

7) Please provide any additional information or documentation regarding this matter.


File Typeapplication/pdf
File TitleMicrosoft Word - PS questionnaire_Compliance Review_04-2017
AuthorDavid Ritchie
File Modified2023-04-12
File Created2017-04-17

© 2024 OMB.report | Privacy Policy