facebook linked in twitter


March 1, 2017

What You Need to Know to Get Started with Privacy Shield Certification

By David F. Katz

In an article published in the March 2017 issue of ALM’s Cybersecurity Law & Strategy Journal, Atlanta partner David Katz provides insight into what companies need to know about privacy shield certifications if they operate in the U.S. or European Union. Mr. Katz explains that if your company maintains operations in the European Union or is U.S. based but obtaining personal data from European citizens, you will need to strongly consider obtaining certification under the new Privacy Shield framework. If you collect, use or process information that contains data about identifiable individuals in the EU, you likely are governed by the EU Data Protection Directive when you transfer that information to the U.S., he says. The basic principle asserted by the EU is that its citizens own their personal data as a natural right, and the government will enforce that right everywhere. There are small fees attached to the certification process, but the real cost will be in setting up the internal processes for compliance and the Privacy Shield, even with its costs, offers the least invasive means of compliance for most companies, Mr. Katz says.