EU – U.S. Privacy Shield Framework

PCI Logo



Inc 5000 Logo




EU – U.S. Privacy Shield Framework

The EU – U.S. Privacy Shield Framework was designed in conjunction with the U.S. Department of Commerce and European Commission to provide European and US companies a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the U.S. when engaging in transatlantic commerce. In order for an organization to enter the Privacy Shield, they must:

  • Be subject to Federal Trade Commission (FTC), Department of Transportation (DOT), and various other statutory regulation.
  • Publically declare commitment to compliance with the principles set for in the framework.
  • Publically disclose its privacy policies as they relate to the principles.
  • Fully implement privacy policies as they relate to the principles.

Why Privacy Shield Matters

Organizations that wish to conduct business abroad that entails the transferring of personal data should adhere to the Privacy Shield Framework to foster, promote, and develop international commerce. Organizations have the option to either self-certify or receive a third-party assessment that confirms that an organization is in compliance with the standards set forth by the framework.

In order to comply with the EU- U.S. Privacy Shield, organizations must adhere to the following principles:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, enforcement, and liability

While participation in the Privacy Shield framework is voluntary for U.S.-based companies, organizations have previously been sued for allegedly failing to secure consumer information, unlawfully collecting consumer information, and failing to secure internet-connected devices used to store personal information. Participating in the EU – U.S. Privacy Shield program has compliance requirements are clearly laid out, allowing participating organizations to be assured that they are protecting information that is transferred outside of the EU under the EU Data Protection Directive.

As a third-party assessor, A-LIGN can assist your company with the following assessment activities:

  • EU – U.S. Privacy Shield Gap Assessment: A-LIGN’s experienced professionals can review your businesses current data transfer framework and provide a detailed gap assessment to help your business ensure EU – U.S. Privacy Shield Compliance.
  • EU – U.S. Privacy Shield Validation: A-LIGN will collaborate with your organization to gather the evidence required by the EU – U.S. Privacy Shield, review the materials to ensure that you can adhere to the standard, and determine if you meet the compliance requirement.

Need guidance on the EU – US Privacy Shield? Contact A-LIGN’s experienced assessors at 1-888-702-5446 or complete the form on this page.

Our Values:

Be All In.  Commit to Quality.

Constantly Innovate.  Do The Right Thing, Always.

We are fast-growing and we keep expanding our scope, adding additional audit frameworks, locations around the globe, and new services - A-LIGN keeps up and exceeds our expectations.”

– Virtustream