Ensuring Privacy Shield Compliance
The Privacy Shield program is a framework created by the US Department of Commerce, the European Commission and Swiss Administration to provide companies with a mechanism for complying with data protection requirements when transmitting personal information across the Atlantic. Designed to support transatlantic commerce, the Privacy Shield program provides a set of enforceable protections for the personal data of EU citizens. US-based companies wishing to collect and use personal data of EU individuals must meet certain requirements for data security, access, accountability, integrity and other principles to be compliant with the Privacy Shield requirements.
In theory, EU-based organizations will only transfer personal data to US companies that are listed by the US Department of Commerce as being compliant with the Privacy Shield. US companies can self-certify on the Department of Commerce website. Self-certification places companies under legal obligation to be compliant, and compliance failures may result in prosecution.
Privacy Shield requirements may mean significant changes for some US companies in the way that personal data is collected, used and stored. For organizations seeking help to manage Privacy Shield risk and compliance, Optiv provides leading expertise, solutions and security technology.
Managing Privacy Shield Compliance with Optiv
Optiv helps organizations plan, build and run successful cyber security programs. As one of the top cyber security companies in North America, we offer capabilities that span the entire information security space. With help from Optiv specialists, organizations can more successfully define strategy, establish security metrics, identify threats, deploy effective technology and ensure operational readiness to defend the organization against a wide variety of risks.
We provide Privacy Shield consulting as part of our services for enterprise risk and compliance. Rather than focusing solely on Privacy Shield compliance, our approach involves helping organizations to better align compliance programs with business objectives – achieving Privacy Shield compliance in the process.
Solutions for Privacy Shield Compliance
To help organizations comply with Privacy Shield guidelines, we offer:
- Information security risk management and security threat assessment services to evaluate and document current controls and map them to Privacy Shield requirements.
- Gap analysis services to identify weaknesses in current systems and provide recommendations to bring practices into Privacy Shield compliance.
- Policy assessment and development to modify or develop policies to align compliance with business goals and Privacy Shield requirements.
- Third-party risk management consulting to help identify and manage risk related to third-party usage of EU citizen data.
- Staff augmentation, providing flexible staffing services to assist with day-to-day execution of compliance programs.