Want your business to be recognized as Privacy Shield Certified?

What is GDPR?

The General Data Protection Regulation (GDPR) is a set of laws on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA).

GDPR has specific requirements regarding the transfer of data out of the EU. One of these requirements is that the transfer must only happen to countries deemed as having adequate data protection laws.

The EU does not list the US as one of the countries that meets the GDPR requirement, and hence the Privacy Shield Frameworks were designed.

Privacy Shield Overview:

The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks were designed by the U.S. Department of Commerce, and the European Commission and Swiss Administration, respectively, to provide companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States in support of transatlantic commerce.

On July 12, 2016, the European Commission deemed the EU-U.S. Privacy Shield Framework adequate to enable data transfers under EU law. On January 12, 2017, the Swiss Government announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States.

Privacy Shield Benefits: 

The Privacy Shield provides many important benefits to U.S.-based organizations, as well as their partners in Europe. These include:

  • Participating organizations are deemed to provide “adequate” privacy protection, a requirement (subject to limited derogations) for the transfer of personal data outside of the European Union under the EU General Data Protection Regulation (GDPR) and outside of Switzerland under the Swiss Federal Act on Data Protection;
  • EU Member State requirements for prior approval of data transfers either are waived or approval will be automatically granted; and
  • Compliance requirements are clearly laid out and cost-effective, which should particularly benefit small and medium-sized enterprises.

What do the Privacy Shield Principles Require?

How we can assist your organization to comply with Privacy Shield Requirements

  • We will review the Privacy Shield Framework requirements with you to determine if it is the right solution for your business
  • We will assist you in developing a privacy policy that meets the Privacy Shield principles. We will do so by:
    • Analyzing the inflow of data into your organization, how the data is used, and the data that you share with third parties outside of your organization.
    • Helping determine who should be given notices and when.
    • Once the policy is in place, making sure that the notices are drafted accurately and are given at all appropriate times and places.
    • Opt-in and opt-out
    • Onward Transfer
    • Access
    • Security of personal information
    • Data Integrity
    • Enforcement
    • Assessment
    • Training
  • We will provide technical assistance and educational materials to assist you throughout the process for understanding and meeting the Privacy Shield requirements. We stand ready to assist your organization in:
    • Meeting the US Department of Commerce’s registration requirements for Privacy Shield
    • Developing required processes/procedures for your organization.
    • Suggesting an independent third-party dispute resolution mechanism, and
    • Addressing any other questions or concerns your company has regarding the safe harbor process.

A privacy policy adhering to the Privacy Shield principles will indicate that your organization places great value on data privacy protection and will make every effort to respect Europeans’ and/or Swiss’ requests regarding use of their personal information.

Learn how we can assist your organization in complying with the Privacy Shield requirements and in implementing security processes and controls to avoid data breaches and protect sensitive information.