For multinational organizations, cross-border data transfers are essential to carrying out business activities. However, the transfer of personal data from the European Economic Area, or the (“EEA”) as it’s widely known, to recipients located outside the EEA, is generally prohibited unless the receiving country provides an adequate level of data protection determined by the EU.
Currently, the U.S. data protection laws are not legally recognized as providing an adequate level of data protection under EU law, which has profound impacts on many E.U.-U.S. operations.
Fortunately, in 2016, the European Commission approved the E.U.-U.S. Privacy Shield as an alternative means to legally transfer E.U. personal data to the U.S. The privacy shield is a cost-effective and convenient data transfer mechanism that provides the most significant benefit to organizations that transfer a majority of their EU personal data to the U.S. For example, a U.S. based company headquartered in California that serves as the global hub for its entities data, will find the privacy shield as particularly helpful.
An organization who wishes to benefit from Privacy Shield certification must self-certify to the Department of Commerce. The privacy shield self-certification process requires, among other things, that your organization update and review its privacy policies, provide an independent recourse mechanism by which individual complaints and disputes can be investigated and quickly resolved, and your organization must publicly commit to comply with the Framework’s requirements.
For more information about how we can help your organization achieve Privacy Shield certification, contact our team today. Click here to schedule an appointment for a time that works best for you.
We look forward to hearing from you.