The EU-US Privacy Shield is now officially available (as of August 1, 2016), and companies may sign up with the US Department of Commerce to become certified. Through the self-certification process, companies will be able to assert that their data collection and processing practices are in compliance with the new Privacy Shield data protection standards, but must provide transparent and affordable dispute resolution mechanisms.
While this now gives US companies clear direction when it comes to compliance with the individual privacy of EU citizens, meeting these new standards may require some adjustments to data management practices.
Is Privacy Shield Right for Your Business?
Privacy Shield institutes fundamental rights of EU citizens over their personal data when it is transferred overseas – specifically to the United States. The agreement stipulates that companies must provide clear explanations of how personal information is collected, processed, and shared, in simple language that can easily be understood by the general population. In addition, personal data may only be used for the purpose that is stated at the time of collection, and for which consent has been given, and any other use requires further explicit approval.
We’ve put together a white paper and series of blog articles to provide guidance around the EU-US Privacy Shield, and what the core principles mean for companies dealing with transatlantic commerce.