The Safe Harbor framework, which was negotiated between the EU and the U.S. in 2009, was relied upon by upwards of 4,000 U.S. companies to legally transfer the data from the EU to U.S. However, on Oct. 6, 2015, the Court of Justice of the European Union invalidated the framework over concerns of inadequate data protection laws in the U.S.

More than eight months later, the final version of the Privacy Shield was formally adopted by the European Commission.

Beginning Aug. 1, 2016, companies who wish join the Privacy Shield program will have to self-certify annually to the Department of Commerce that they will adhere to the privacy principles of the new Privacy Shield agreement.

Among the key requirements for companies who wish to participate in the Privacy Shield program are: Informing individuals about data processing; providing free and accessible dispute resolution; cooperating with the Department of Commerce; maintaining data integrity and purpose limitation; ensuring accountability for data transferred to third parties; transparency related to enforcement actions; and ensuring commitments are kept as long as data is held.

Business Information Group will apply for self-certification when it becomes available on Aug. 1, 2016. By self-certifying our compliance with the privacy principles of Privacy Shield, we are ensuring that any collection, use and retention of any personal information from European Union countries will accord with new EU data protection law requirements.

Source: U.S. Department of Commerce