EU-U.S. Privacy Shield
Effective August 1, 2016, the EU-U.S. Privacy Shield Framework was designed in conjunction with the U.S. Department of Commerce and the European Commission to give European and U.S. companies a way to comply with EU data protection requirements. U.S. companies that have clients or employees in the EU and transfer personal data from the EU to the U.S. in the course of transatlantic commerce must follow the EU data transfer requirements. The Privacy Shield Framework aims to provide companies in the U.S. and EU with a means of complying with those requirements when transferring data out of the EU to the United States.

About EU-U.S. Privacy Shield

For an organization to enter the EU-U.S. Privacy Shield, it must:

  • Be subject to Federal Trade Commission (FTC), Department of Transportation (DOT), and various other statutory regulations.
  • Publicly declare its commitment to compliance with the principles set forth in the framework.
  • Publicly disclose its privacy policies as they relate to the principles.
  • Fully implement privacy policies as they relate to the principles.

The seven Privacy Shield principles that organizations need to adhere to are:

  1. Notice
  2. Choice
  3. Accountability for Onward Transfer
  4. Security
  5. Data Integrity and Purpose Limitation
  6. Access
  7. Recourse, Enforcement, and Liability

Organizations that wish to conduct business abroad in a way that entails transferring personal data should adhere to the Privacy Shield Framework in order to foster, promote, and develop international commerce. Organizations have the option to either self-certify or receive a third-party assessment confirming that they comply with the standards set forth by the framework.

While participation in the Privacy Shield framework is voluntary for US-based companies, organizations have previously been sued for allegedly failing to secure consumer information, unlawfully collecting consumer information, and failing to secure internet-connected devices used to store personal information. A benefit of participating in the EU-U.S. Privacy Shield program is that the compliance requirements are clearly laid out, allowing participating organizations to be assured that they are protecting information transferred outside of the EU under the EU Data Protection Directive.

A-LIGN can assist your company with the following assessment activities:

  • EU-U.S. Privacy Shield Gap Assessment: A-LIGN’s experienced professionals can review your business’s current data transfer framework and provide a detailed gap assessment to help your business ensure EU-U.S. Privacy Shield compliance.
  • EU-U.S. Privacy Shield Validation: A-LIGN will collaborate with your organization to gather the evidence required by the EU-U.S. Privacy Shield, review the materials to ensure that you can adhere to the standard, and determine whether you are able to meet the compliance requirements.

EU-U.S. Privacy Shield Solutions Tailored to Your Company

Choosing A-LIGN as your partner in validating your EU-U.S. Privacy Shield adherence benefits your organization by:

  • Alerting your organization to potential data privacy and integrity shortcomings as they are discovered, so that your organization can begin remediation efforts.
  • Allowing your organization to strengthen its relationships with global partners.
  • Ensuring your organization is compliant with the regulatory requirements set by the EU-U.S. Privacy Shield.

The A-LIGN Edge

Our customized compliance solutions and streamlined audit process allow you to meet all of your audit and compliance needs with a single service provider. One-stop shopping means a stress-free audit process for you, as you work with one team that understands the unique needs of your organization.