Data Privacy is Complicated Enough – Busting 3 Common Misconceptions About Privacy Shield

Privacy Shield is a certification that allows businesses conducting cross-border data transfers to continue efficient operations.

While it’s faced scrutiny, here are the 3 misconceptions about Privacy Shield and the facts you should know.

The Grace Period Ended – It’s Too Late to Certify for Privacy Shield

Although the deadline to qualify for the onward transfer requirements grace period ended September 30th, it is not too late to certify.

While there is no deadline to self-certify, if you have clients and/or employees in Europe, you will need to use one of the recognized data transfer mechanisms to process that data outside Europe.

In addition to these regulatory obligations, your company may face pressure from clients or business partners to get the certification.

Just as many companies required their suppliers and partners to be Safe Harbor certified, expectations around Privacy Shield are likely to be the same.

Privacy Shield provides a visible way for companies to demonstrate their compliance with EU data transfer rules.

The Onward Transfer Grace Period Covered the Bulk of Privacy Shield Requirements

Onward transfer is only one of many Privacy Shield requirements.

Companies still have to ensure all of the other requirements are met, such as: notice, choice, security, data integrity & purpose limitation, access, recourse, and enforcement & liability.

So while you missed the grace period, it only addressed one portion of the overall requirements.

Privacy Shield is Only for Customer Data

If you have employees in the EU, you also need to consider Privacy Shield for your HR data.

This is a separate certification which you can add at any time to your existing listing with the Department of Commerce.

Currently, over 300 companies are on the Privacy Shield list, many of which are using this approach to facilitate compliance with customer and HR data requirements.

Privacy Shield Aligned Compliance

Demonstrating that your data protection mechanisms align with regulatory requirements, such as the EU-U.S. Privacy Shield, remains a challenge.

Customers, business partners, and regulators look to your organization for an independent, attestable program that includes mechanisms for cross-border data transfers.

TrustArc’s International Privacy Verification, a Privacy Shield aligned verification, maintains industry-established principles and standards for protecting personal data.

With our Verification, receive an independent third-party review aligned to Privacy Shield Principles that demonstrates your organization’s commitment to privacy protections.

TrustArc | TRUSTe offers a comprehensive Privacy Shield Assessment and Verification program.