How to join the EU-U.S. Privacy Shield?

23. August 2016

In order to join the EU-U.S. Privacy Shield, a company has to self-certify and therefore meet the following requirements:

1. The eligibility of the company to participate in the EU-U.S. Privacy Shield has to be confirmed.

2. Development of a Privacy Policy that complies with the EU-U.S. Privacy Shield.

  • The Privacy Policy has to comply with the EU-U.S. Privacy Shield Principles.
  • The Privacy Policy has to refer to Privacy Shield compliance.
  • An accurate location for the Privacy Policy has to be provided, and it has to be publicly available.

3. Independent recourse mechanisms need to be identified.

  • Enforcement and Liability Principle: the company has to provide an independent recourse mechanism that is available to investigate unresolved complaints at no cost to the individual.

4. Verification mechanisms need to be in place.

  • The company is required to have procedures in place for verifying compliance through self-assessments or third-party assessments.

5. Designation of a contact person.

  • The company is required to provide a contact for questions, complaints, access requests, and any other issues arising under the EU-U.S. Privacy Shield.

Furthermore, the company has to pay a fee depending on the annual revenue:

Company's Annual Revenue               Fee
$0 to $5 million                       $250
Over $5 million to $25 million         $650
Over $25 million to $500 million       $1,000
Over $500 million to $5 billion        $2,500
Over $5 billion                        $3,250