Get Started with DPF Services

Privacy is both a legal obligation and a critical element of customer service. For more than 20 years, BBB National Programs has operated with the U.S. Department of Commerce as a trusted, independent recourse mechanism (IRM). With our year-round DPF Program compliance assistance, real-time alerts and monitoring, and on-demand complaint handling, we work to decrease your risk and get you the customized support you need.


For more information on the transition from Privacy Shield to the Data Privacy Framework (DPF) Program, see the timeline.  

Handling personal data involves a lot of moving parts. It’s our mission to help you. 

In three easy steps, use BBB National Programs DPF Services to demonstrate that your privacy practices meet EU, U.K., and Swiss requirements.



Step 1: Sign Up with BBB National Programs 

A key requirement to participate in the DPF Program is the designation of an independent dispute resolution provider, and as the longest-running IRM in the U.S., BBB National Programs is here to help. 


When completing BBB National Programs’ application, please answer each question to the best of your ability and be sure to have the following available: 

  • Contact information (telephone and email addresses) for the company’s primary contact for legal notices and communications, as well as a designated contact for complaints and a billing contact.  

  • Your company’s gross annual sales revenue.  

  • Your company’s legal name and state of incorporation (this same name must be used when you self-certify with the U.S. Department of Commerce). Add any D/B/A names and any "covered entities"—U.S.-based subsidiaries or affiliates to be covered—in the appropriate fields. 


When you complete the application we will provide you with a letter containing a reference number, fee information, as well as a completed Participation Agreement for signature. Please read our Rules and Participation Agreement before submitting the application online.  




Step 2: Prepare Your Certification Package 

The BBB National Programs team will help you prepare all of the elements you need for DPF Program self-certification, including necessary updates to your privacy policy. 


We will review your privacy policy and other applicable notices, provide recommendations based on the DPF Principles , and confirm that they are accessible to all visitors to your public website. For example, you must state if you will participate in the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF, or all of the above. We have outlined some of those options on our Privacy Policy Requirements page and will work with you to ensure the new language is applied correctly.  


Once your application with BBB National Programs is complete, it is time to self-certify with the U.S. Department of Commerce DPF Program.  




Step 3: Self-Certify with the DPF Program 

This step should be completed within 30 days of our approval of your application. Maintaining a current annual self-certification with the U.S. Department of Commerce is a requirement for ongoing participation.  

  • When completing your self-certification application, you will select BBB National Programs in the “Recourse Mechanism” field drop-down.  


Once your certification submission is complete, the U.S. Department of Commerce will instruct you to post your approved privacy policy to your website. Once you notify the Department of Commerce that your notice is published, they will list your organization on the Data Privacy Framework List.  






Frequently Asked Questions for Businesses





Book a Free Consultation