We are often asked, “What is the best first step to move towards GDPR compliance for US-based organizations?”. The answer: Privacy Shield.
How Does GDPR Affect US Companies?
US companies have no legal ground to stand on for GDPR compliance. Privacy laws in the United States are much laxer compared to the Europian Union, and so the EU does not consider US data protection to give adequate protection to its citizens.
One specific requirement in GDPR deals with the transfer of data and personal information out of the EU. Compliant transfers can only be sent to countries with data protection laws that meet the EU’s standards. In general, the US laws are not considered adequate, so companies using data from the EU are responsible for making up the difference.
This means US firms are stuck. However, Privacy Shield provides the best vehicle for US companies to ride into GDPR town.
Does Privacy Shield Comply with GDPR?
Yes, Privacy Shield allows US companies (or EU companies working with US companies) to meet the legal requirement of the GDPR. It creates a process for companies who need to improve their data protection policies. Therefore, Privacy Shield facilitates the safe transfer of information required by GDPR.
Take note that self-attesting and publicly stating Privacy Shield compliance is a legally binding act. This elevates a US organization’s legal status to adequately reach the EU’s privacy law requirements. Although Privacy Shield is not the only vehicle to elevate a US organization’s legal status, it’s one of the best.
For this reason, we have developed our GDPR compliance service offering around the Privacy Shield framework so US organizations can be effective and efficient in their compliance efforts. To learn more about how Pivot Point Security can help your organization can reach Privacy Shield and GDPR compliance, reach out!