Privacy Shield and GDPR
Companies certified under the EU-U.S. Privacy Shield may have GDPR-compliant practices, but should understand that GDPR covers a larger scope of policies.
The EU-U.S. Privacy Shield Framework provides a method for companies to transfer personal data to the United States from the European Union (EU) in a way that is consistent with EU law. To join the Privacy Shield Framework, a company must self-certify to the Department of Commerce that it complies with the Privacy Shield Principles. A company’s failure to comply with the Principles is enforceable under Section 5 of the FTC Act, which prohibits unfair and deceptive acts. The FTC has committed to make enforcement of the Framework a high priority, and will work together with EU privacy authorities to protect consumer privacy on both sides of the Atlantic. The Framework replaces the U.S.-EU Safe Harbor Program. Check out this Fact Sheet for an overview of the program. More detailed information is available at the Department of Commerce Privacy Shield Website.
PII Compliance offers compliance monitoring across multiple channels against an ever-changing landscape of security threats and legal policies.
www.piicompliance.org