BBB EU Privacy Shield
- About BBB EU Privacy Shield
- Where do I start?
- Participation Agreement
- BBB EU Privacy Shield Rules
- Annual Procedure Reports
- Compliance Resources
- Frequently Asked Questions
- For EU and Swiss Consumers: Dispute Resolution
- How to File a Complaint with BBB EU Privacy Shield
- Follow Us on LinkedIn
- Contact Us
How BBB EU Privacy Shield can help your business
What are the Privacy Shield Frameworks?
On July 12, 2016, the U.S. Department of Commerce and the European Commission announced the launch of a new EU-US Privacy Shield Framework to replace the former US-EU Safe Harbor as a new transfer mechanism enabling transfers of personal data from the European Union to the Unites States.
Privacy Shield includes enhanced consumer privacy protections for EU individuals, promotes greater transparency around data collection, use, and sharing, and helps U.S. companies demonstrate that their privacy practices meet EU data protection requirements.
On January 12, 2017, the Swiss Government approved the Swiss-US Privacy Shield Framework as a valid legal mechanism for U.S. companies to comply with Swiss requirements when transferring personal data from Switzerland to the United States.
Under the EU’s new General Data Protection Regulation (GDPR) implemented May 25, 2018, the EU-US Privacy Shield is recognized as an adequate transfer mechanism for transfers of personal data to the United States. For more about GDPR,
see below and check out additional online resources here.
What does Privacy Shield mean for your business?
Privacy Shield enables US businesses to receive and process personal data from the EAA countries and Switzerland after self-certifying their adherence to the protections set out in the Privacy Shield Principles. Your public self-certification to Privacy Shield with the U.S. Department of Commerce will ensure that European organizations and consumers know your business provides adequate privacy protection when:
- You are expanding your operations into Europe and collecting EU or Swiss customer or employee data;
- You are processing EU or Swiss data in the U.S. for a business partner using Privacy Shield; or
- In any situation where your business is using personal data of EU or Swiss individuals.
What Services does BBB EU Privacy Shield Offer?
U.S. businesses participating in the Privacy Shield Frameworks must provide an independent dispute resolution service to EU or Swiss individuals whose personal data they transfer to the United States. We created BBB EU Privacy Shield to help businesses of all sizes meet this requirement and conduct business in Europe using adequate data protections.
Benefits of BBB EU Privacy Shield:
For your business:
- Demonstrated expertise in Data Privacy for more than 20 years
- Practical assistance to businesses of all sizes in navigating Privacy Shield requirements and the self-certification and recertification processes
- Ensures prompt responses to privacy inquiries and complaints
For your consumers
- BBB is the most trusted name in consumer dispute resolution
- Online complaints process provides accessible, transparent dispute resolution
- Services always provided free of charge to EU or Swiss individuals
- Speedy, impartial resolution through our staff conciliation process or independent Data Privacy Review.
What is the GDPR and how does it relate to the Privacy Shield Frameworks?
The General Data Protection Regulation (EU Regulation 2016/679, or GDPR) became effective May 25, 2018. This EU law regulates the data processing activities of organizations established in EU member states, and also applies to certain organizations established entirely outside the EU.
The GDPR permits personal data transfers to countries outside the EU subject to compliance with set conditions, including conditions for onward transfer. Specifically, the GDPR allows for data transfers to businesses in countries with legal regimes that have been deemed by the European Commission to provide an “adequate” level of privacy protection, or under a transfer mechanism, such as Privacy Shield, that offers adequate protection.
While Privacy Shield meets one of the key requirements of GDPR for companies transferring data to the U.S.—that they use an “adequate” data transfer mechanism—there are numerous other elements of GDPR that US companies should know about. Successfully self-certifying to the Privacy Shield does not mean that your company is fully compliant with GDPR. Many US companies are complying with both in tandem.
Where can I learn more?
BBB EU Privacy Shield does not provide specific GDPR guidance or compliance services, but we receive many questions about aligning GDPR and Privacy Shield compliance. Check out our Compliance Resources page, which includes a collection of GDPR resources and a GDPR glossary. We also post recent news and tips for compliance with EU data protection law on our blog.
Visit the Department of Commerce Privacy Shield website for additional information about self-certifying to the Privacy Shield.