On August 1, 2016 the U.S. Department of Commerce (DOC) started accepting self-certifications for compliance with the Privacy Shield Principles. A number of companies have already started the process to self-certify with the DOC to take advantage of the grace period offered to early adopters of the Principles to get contracts with third parties updated.
The grace period works like this – if a company self-certifies to Privacy Shield within the first two months of the DOC accepting certifications (August 1 – September 30), those companies will be given an additional nine (9) months to get their contracts with third parties updated to meet Privacy Shield requirements. So if a company certifies to Privacy Shield on September 1st, they have nine (9) months from that date to get their third party contracts updated. During that time, the Notice and Choice Principles apply to transfers to third parties. The grace period only applies to the Accountability for Onward Transfer Principle. The company needs to be in full compliance with the remaining Principles to self-certify.
Companies self-certifying Privacy Shield compliance with the DOC after September 30th will need to be in full compliance with all the Principles including Accountability for Onward Transfer and must be able to provide a copy of the privacy provisions in their contracts to the DOC upon request. This means, a company must have all their ducks in a row (including updating contracts) before they self-certify.
For more information on TRUSTe’s Privacy Shield Solutions visit EU-U.S. Privacy Shield Solutions or call on 1-888-878-7830.