Anyone who is or may be involved with the transfer of consumer information from the European Union to the US should consider a registration under the newly adopted Privacy Shield. This registration commits the registrant to a number of data and consumer inquiry handling practices agreed upon by the EU and US. It is the successor to, but substantially different from, the previous Safe Harbor. Compliance with the Shield should allow registrants to avert government enforcement action.
Of at least equal importance is the potential gain in marketplace credibility which may be provided by registration. While it is too early to know for sure how things will progress, for many large multi-national companies, it is imperative that they be able to demonstrate to regulators their sensitivity to proper data handling practices. Insisting upon registration by their vendors may be an expedient way to do so … and give a leg up for potential vendors who possess such status.
It appears that in most cases, registration will be relatively economical for all registrants, especially for those with prior Safe Harbor registrations, and the process likely to take no more than 30 days to submission once we obtain required information. For companies with prior Safe Harbor registrations, such figures should be less.
It goes without saying that registration is much more than a ‘paper exercise’ which should be undertaken only by companies with the willingness and ability to ensure proper handling of sensitive materials.