020 530 0160


Gepubliceerd op 26 juli 2016 categorieën 

Privacy Shield is officially adopted by the European Commission in its adequacy decision of July 7, 2016. Privacy Shield offers a framework to which American companies may self-certify, to allow the transfer of personal data from the European Union to the United States without additional requirements. Privacy Shield replaces the Safe Harbour Framework, which was invalidated by the Court of Justice of the European Union on October 6, 2015.

The Department of Commerce will start accepting self-certifications under Privacy Shield as of August 1, 2016. In this regard, the Department of Commerce has published a guide to prepare for the self-certification. Essentially, the guide boils down to the following 5 steps:

Step 1: Jurisdiction

Verify if your organization is subject to the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transportation (DOT).

·         Contact the Privacy Shield Team at the Department of Commerce if you are not sure if your organization falls under the jurisdiction of the FTC or DOT.

Step 2: Recourse Mechanism

Choose your organizations independent recourse mechanism.

·         Registration is required prior to the application for self-certification;

·         You may choose between:

o    an independent recourse mechanism in the private sector, such as BBB, TRUSTe, AAA, JAMS, DMA; or

o    the cooperation and compliance with the EU data protection authorities, for which an annual fee is required. This option is mandatory if human resources data will be processed under Privacy Shield.  

Step 3: Contact Person

Designate a contact person within your organization for privacy-related questions. The contact person is a first stop for a complaint of an individual, before contacting the independent recourse mechanism, and the contact person is required to respond to complaints of individuals within 45 days of receiving  the complaint.

Step 4: Privacy Policy

Update (or draft) your privacy policy in accordance with the Privacy Shield Principles. Your privacy policy must (inter alia) include:

·         A statement that you adhere to the Privacy Shield Principles, including a hyperlink to the Privacy Shield website: www.privacyshield.gov [update!];

·         A statement of your independent recourse mechanism, including a hyperlink to the (complaint issue form on the) website of that mechanism if the privacy policy is available online, and relevant contact details (see step 2);

·         The contact details of your contact person (see step 3); and

·         A clear, concise and easy to understand description of your organization’s personal data handling practices and the choices your organization offers individuals with respect to the use and disclosure of their personal data.

Step 5: Verification mechanism

Update or implement a verification mechanism for verifying your organization’s compliance with the Privacy Shield Principles. The verification may be performed by self-assessment or a third-party assessment.

The full guide as published by the Department of Commerce is available here.

Bron: commerce.gov
Deze blog is automatisch geïmporteerd uit een oudere versie van deze website. Daarom is de lay-out mogelijk niet perfect.


Rosalie Heijna


Gerelateerde artikelen