Self-Certifying at PrivacyShield.gov
The International Trade Administration of the United States Department of Commerce has provided for a privacy shield framework which enables American organizations to self-certify that they comply with the data protection requirements in effect in the European Union. The Privacy Shield continues as a valid data transfer mechanism after the GDPR came into effect on May 25, 2018. Organizations can self-certify at www.privacyshield.gov. The process involves the following steps:
1. U.S. businesses have to be under the jurisdiction of the FTC or the Department of Transportation.
3. An Independent Recourse Mechanism must exist to resolve complaints about non-compliance at no cost to the individual.
4. Fees must be paid to the International Centre for Dispute Resolution-American Arbitration Association to handle arbitrations brought by EU citizens.
5. Organizations may verify that they are in compliance through a self-assessment or by engaging a third party.
6. A contact must be designated to handle any complaints or questions about the Privacy Shield.
7. The information needed to self-certify should be reviewed.
8. The self-certification must be submitted to the Department of Commerce.