In mid-July, the European Commission deemed the Privacy Shield Framework adequate to support data transfers between the EU and U.S. -based organizations. The official certification program for US organizations became available on August 1, 2016 and many organizations are starting to weigh joining the program.

While the Privacy Shield provides many benefits to U.S.-based organizations — namely ease of partnering with EU companies from a data sharing perspective and protections of EU citizen privacy during data transfer and storage — you should be aware that once you publicly declare commitment to the program and join, you must continue to participate or formally resign from the program. Lack of formal withdrawal from the program and non-compliance to requirements could lead to legal risk or fiscal fines.

The program requires self-certification, which underscores the need for your organization to have a digital policy steward who will track requirements (and any changes) and ensure your organization is compliant.

If you are struggling with digital policy decisions, such as who should steward policies in your organizations, or whether compliance with the Privacy Shield is required or beneficial to your organization, feel free to drop a note.

Photo by Kelly Sikkema