EU-US Privacy Shield Self-Certification Starts Today

Written by: Richard Sheinis, Esq.

Today, August 1, is the first day that the U.S. Department of Commerce is accepting self-certifications under the EU-US Privacy Shield.  The Privacy Shield, which essentially takes the place of the invalidated Safe Harbor, allows for the transfer of personal information from the EU to the U.S.  The self-certification process is fairly straight forward.  A company simply certifies to the Department of Commerce that they are in compliance with the Privacy Shield.

A high level, and overly simplistic view of self-certifying, involves following these steps:

1. Determine whether your company is eligible
2. Prepare a privacy policy that is Privacy Shield Compliant
3. Establish an independent recourse mechanism for complaint resolution
4. Have a compliance verification mechanism in place
5. Designate a contact within your company for all issues related to the Privacy Shield

The U.S. Department of Commerce is offering an early bird discount of sorts.  Organizations that self-certify by September 30 will be given a grace period of nine months to comply with the regulations of the Privacy Shield.  Let us know if you need assistance evaluating whether the Privacy Shield is right for you, or to help you self-certify.