EU-U.S. Privacy Shield GDPR


business privacy shield program guide

What is Privacy Shield Certification?

The EU Privacy Shield framework was developed by the U.S. and European Union to safeguard private data transmission between the two continents.

The privacy shield agreement sets standards for both employee and customer data transfers, as well as any use of third party vendors.

So if your business or organization exchanges data between the U.S. and E.U., you’ll want to strongly consider privacy shield self-certification to ensure all data privacy shield requirements are met.

GDPR vs Privacy Shield: Understanding the Difference

Though they are directly related, Privacy Shield and GDPR are distinct.

The General Data Protection Regulation (GDPR) is a set of legal requirements for protecting the privacy and security of the personal data of citizens or residents of the European Union.

Privacy Shield is a framework designed to facilitate data transfer between the European Union and the United States while complying with Europe's data protection laws.

Who Is Subject to Privacy Shield/GDPR Compliance?

Whether based in the EU or not, any organization that handles the data of citizens or residents of the European Union is subject to the GDPR.

Going through Privacy Shield is initially voluntary, but once an organization complies with the framework and self-certifies, it becomes legally required to comply with the requirements.


How to Comply With GDPR Under Privacy Shield

To comply with the GDPR under Privacy Shield, an organization must join the Privacy Shield GDPR program and self-certify, which requires the following steps:

  • Confirm that your organization is eligible for the program
  • Create a compliant privacy policy statement
  • Clarify what your organization's recourse mechanism will be
  • Pay the arbitration fund fee
  • Implement a compliance verification process
  • Select an individual within your organization to serve as the Privacy Shield contact
  • Review requirements and submit your organization's self-certification

RSI Security's GDPR compliant services provide expert guidance to ensure a smooth and successful self-certification process.

The Importance of the Privacy Shield Certification

Though Privacy Shield certification is voluntary, it may be the best data privacy certification for organizations handling significant amounts of personal data from Europe.

Organizations that join show their commitment to digital security, safeguarding personal data, and taking the initiative to adhere to a higher standard. Additionally, doing so helps ensure the implementation of robust security controls, reflects well on your organization, and furthers industry efforts to encourage higher standards worldwide.

Non-Compliance Penalties

Failing to comply with Privacy Shield GDPR requirements after joining the program could lead to penalties of up to $40,000 per day or per violation.

Prepare for EU-US Privacy Shield Self Certification

RSI Security provides a wide range of assessment, verification and dispute resolution services throughout the Privacy Shield self-assessment process:

  • Privacy Policy Review and Creation
  • Compliance Assessment and Verification
  • Privacy Shield Certification Training
  • Ongoing Certification Maintenance

Overview of RSI Security’s Privacy Shield Program

Make Privacy Shield self-certification a breeze with the guidance and expertise of RSI Security’s EU Privacy Shield Framework program. As one of the top data protection vendors in the country, RSI Security will help ensure that you’re up to Privacy Shield US-EU standards.

Privacy Shield certification is now a critical element in any effective, global cybersecurity compliance strategy. RSI Security will help you become one of the many Privacy Shield certified companies, guiding you from your Privacy Shield application through self-certification.

Benefits of Working with RSI Security


Business Efficiency

By completing Privacy Shield self-certification with RSI Security, you’ll avoid much of the time consuming legal research and technical writing. Our experienced team will take certification tasks off your plate so you can focus on what matters: your business.


Guaranteed Assurance

The Privacy Shield agreement affects multiple departments, individuals and stakeholders across your organization. RSI Security will provide a rigorous, thorough EU Privacy Shield assessment that lets everyone in your company rest easy at night.


Compliance Expertise

RSI Security doesn’t just help you go the distance in obtaining your Privacy Shield self-certification. Our compliance experience and expertise enable us to think strategically on your behalf and improve cybersecurity and compliance outcomes across the board.

How can RSI Security Assist Your Organization with Privacy Shield Self-Certification?

RSI Security has all the bases covered when it comes to your Privacy Shield self-certification.

Privacy Shield Assessment

We’ll help you tick all the boxes of the privacy shield checklist. RSI Security will conduct a complete gap analysis of your data security and transfer practices and help fill in any gaps to help you meet privacy shield agreement standards.

Custom Privacy Review

RSI Security’s custom privacy review process will guide what actionable steps need to be taken in order to achieve Privacy Shield self-certification. Our team will review your organization’s current technologies, processes and practices prior to verification.

Verification & Maintenance

Once your Privacy Shield certification is complete, we’ll make sure you’re verified and ready to tell your team and partners that you’re good to go. Our third-party verification services also go hand-in-hand with ongoing privacy certification training to ensure year-round compliance.

Data Privacy by Location

The General Data Protection Regulation (GDPR) has been in effect since May 25, 2018. It protects the privacy rights of data subjects in the European Union. It ensures transparency in communication and accessible modalities for data subjects to exercise their rights, which include: information about and access to personal data; rectification and erasure, including restrictions on select processes; and opting out of automated decision-making. Data processors and controllers must ensure privacy by design and default, and they may need to appoint a Data Protection Officer (DPO) or implement risk assessments and other measures, per the discretion of the EU Member State or other entity designated as their supervisory authority.

The GDPR applies to organizations based in the EU that process personal data, along with organizations outside of the EU that process the personal data of EU residents, offer goods or services to them, or monitor the behavior of EU residents. If a data breach occurs, the data controller is responsible for providing notification to their supervisory authority no more than 72 hours after becoming aware of the incident. The notice must include the nature of the breach, its likely consequences, and what measures are being taken to mitigate them, among other details.

Privacy Shield and GDPR FAQs

Privacy Shield is not intended to facilitate compliance with GDPR in its entirety.

It's a framework for participating organizations to meet the European Union's requirements for transferring the personal data of its citizens and residents to outside countries, which are detailed in Chapter five of the GDPR.

Yes, Privacy Shield still acts as a mechanism for handling EU personal data per the legal requirements of the GDPR, and active participants are still legally required to comply.

Participation in Privacy Shield is voluntary at first. However, upon committing to the framework, compliance becomes legally required.

The seven primary Privacy Shield principles are:

  • Notice
  • Choice
  • Accountability for Onward Transfer
  • Security
  • Data Integrity and Purpose Limitation
  • Access
  • Recourse, Enforcement, and Liability

All participating organizations must follow these and the 16 supplementary principles for Privacy Shield certification.

Organizations pursuing EU-U.S. Privacy Shield certification must contribute to the framework's arbitration fund by paying a fee based on annual revenue as follows:

  • Up to $5 million – $250
  • Over $5 million to $25 million – $650
  • Over $25 million to $500 million – $1,000
  • Over $500 million to $5 billion – $2,500
  • Over $5 billion – $3,250

The fee increases for organizations that also certify for the Swiss-U.S. frameworks, and annual recertification costs $50.
