GDPR Compliance

EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework

HIPAA Vault complies with the EU-US Privacy Shield Framework and the Swiss-US Privacy Shield Framework as set forth by the US Department of Commerce. The collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States follows those regulations. HIPAA Vault has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. To learn more about the Privacy Shield program, and to view our certification page, please visit:

GDPR Compliance

The General Data Protection Regulation (GDPR EU 2016/679), which replaces the EU Data Protection Directive (known as Directive 95/46/EC), is a European privacy law. The aim of GDPR is to strengthen data privacy and protection for individuals within the European Union (EU) and to address the transfer of EU personal data outside of the EU. It became enforceable on May 25, 2018.

HIPAA Vault complies with EU data protection laws regarding the international transfer of data. Specifically, HIPAA Vault self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield, which address the transfer of data from the EU and Switzerland to the US. HIPAA Vault also offers the EU Standard Contractual Clauses to meet the data security requirements for its EU customers.

Learn more at

Please contact for HIPAA Vault’s DPA, Right to Erasure Request Form, Sub-Processor List or any additional information.