One week into the new Privacy Shield program, and companies have slowly begun to assimilate –– submitting self-certification as they review their internal privacy policies, and those of their vendors and partners.

The program’s framework requires all companies to self-certify by September 30, with a nine-month grace period to ensure compliance with their third party contracts.

Among the first few to take the plunge are multinational corporations, Microsoft and Workday.

These frontrunners recognize Privacy Shield as the first of several steps that will provide greater predictability for businesses operating in Europe. Between this and GDPR, European organizations will be far better equipped to scale their operations through digital solutions.

Microsoft’s VP for EU Government Affairs, John Frank, publicly proclaimed that Safe Harbor fell short of expectations, but believes that Privacy Shield now adequately meets European data protection requirements.

Acxiom’s Global Public Policy and Privacy Officer, Sheila Colclasure, discussed the significance of the new EU-US Privacy Shield laws.

Key differentiators:

  1. Greater disclosures and opt-out requirements
  2. Companies to provide EU citizens with easier access to data about them
  3. Companies to make it easier for EU citizens to make changes to that data
  4. Data controllers ensure third parties are only using data for limited/specific purposes

Questions still remain about the strength of Privacy Shield’s structure, but those with reservations are going to track the new regulation’s progress to see if kinks are worked out by next year.

Colclasure recognized that a post-Brexit effect, which may have a direct impact on GDPR (link to Brexit blog post), could be another potential snag in the Privacy Shield’s effectiveness.

“As the privacy debate continues to unfold throughout the world, Privacy Shield underscores the concerted effort to strengthen consumer data protections and ensure brands and marketers are accountable with the personal data entrusted to them,” she added.

There may be a few uncertainties, but don’t let that stop you from taking the necessary steps to become self-certified.

If you have questions about  Privacy Shield compliance, drop us a line.