For multinational organizations, cross-border data transfers are essential to carrying out business activities. However, the transfer of personal data from the European Economic Area (EEA) to recipients located outside the EEA is generally prohibited unless the receiving country provides an adequate level of data protection determined by the EU. Currently, the U.S. data protection laws are not legally recognized as providing an adequate level of data protection under EU law, which has profound impacts on many E.U.-U.S. operations.
In 2016, the European Commission approved the E.U.-U.S. Privacy Shield as an alternative means to legally transfer E.U. personal data to the U.S. An organization who wishes to benefit from Privacy Shield certification will be required to self-certify to the Department of Commerce and publicly commit to comply with the Framework’s requirements.
There are many factors that must be considered when determining whether it is in your organization’s best interest to self-certify. At DPOAdviser, our team of privacy professionals will conduct a privacy and data protection audit to determine whether it is in the best interest of your organization to self-certify. Rather than accept the risk of noncompliance, let us help your organization reach its compliance goals today.