EU-US Privacy Shield Compliance

Backbone Consultants has the expertise to guide your company effectively through the Privacy Shield (formerly Safe Harbor) self-certification process. As regulations begin to tighten on the protection of personally identifiable information (PII), it is mandated that adequate safeguards be implemented in order to allow the transfer of user personal data between the United States and the European Union.

Our in-house developed Privacy Shield audit framework will evaluate your existing Privacy Policy, review adherence to the Privacy Shield (U.S.-EU) Privacy Principles, assist in selecting an independent arbitration provider and submit the self-certification application to the Department of Commerce (DOC). By partnering with our experienced consultants, Backbone can quickly work to identify the PII data being collected and stored, determine how it is shared with your third-party partners and bring your company into compliance with current privacy laws. Backbone’s Privacy Shield Compliance services include the following activities:

Governing Agencies: Backbone understands that identifying the Privacy Shield authoritative bodies is paramount to understanding the compliance process. The European Commission has partnered with the U.S. Department of Commerce to put in place a governing agreement under which commercial transfers of data can take place across the Atlantic. For U.S. companies, depending on the type of business being operated, the DOC has two branches of enforcement: the Department of Transportation (DOT) or the Federal Trade Commission (FTC). Through inquiry, Backbone will identify the correct governing agency that will be responsible for enforcing Privacy Shield compliance.

Privacy Principles Framework: Backbone has closely analyzed each of the Privacy Shield (U.S.-EU) Privacy Principles and broken out their specific requirements into actionable controls that can be tested. By evaluating these controls, Backbone can more easily understand ownership and obtain evidence supporting the compliance of each principle. The Privacy Principles assessed include: Notice, Choice, Onward Transfer, Security, Data Integrity, Access, and Enforcement.

Privacy Policy: Backbone understands that Privacy Shield self-certification cannot be achieved without implementing a Privacy Policy that clearly states compliance with Privacy Shield. If determined necessary, our consultants will evaluate and update your policy sections including: Overview, Collection & Use of Personal Information, Information Sharing & Disclosure, Legal, Security, Contact Information, and Dispute Resolution.

Arbitration Dispute Resolution (ADR): The Privacy Principle of Enforcement requires a company to establish an independent recourse mechanism in order to resolve privacy-related disputes. Backbone has evaluated each of the industry leaders in arbitration dispute resolution (ADR) services and understands their fee structure and how they can effectively resolve complaints. Our consultant will narrow down the ADR providers and assist in the selection process and establishment of a formal agreement to meet the needs of the company and comply with Privacy Shield.

Self-Certification: Backbone has reviewed the application requirements and understands the self-certification application process with the Department of Commerce. Our work product and compliance framework will allow your organization to independently and easily reassess and self-certify annually thereafter.

Backbone’s Privacy Shield compliance services can provide your company with the skills necessary to achieve Privacy Shield certification. By partnering with our team of professionals, Backbone can help your company give assurance to customers that their personal data is handled with care and not exposed to unnecessary risk.