According to Rochelle Osei-Tutu, an International Trade Specialist at the U.S. Department of Commerce, over 4,000 companies have already registered for EU-US Privacy Shield and 2,600 for the Swiss-US Shield. Of them, 1,300 cover cross-border flows of HR data. Eighty percent of registered companies are small and medium-sized businesses, but many Fortune 500 companies are registered as well.

It took 13 years under the now defunct Safe Harbor to reach these numbers, which have been reached in just two years of Privacy Shield. This, says Osei-Tutu, underscores the importance of data protection and cross-border transfers now.

Things to look out for, regarding Privacy Shield on the commercial side, says Ralf Sauer, Deputy Head of Unit for International Data Flows at the European Commission, are checks against false claims made by companies and making sure that there are no bad apples on the list that don’t play by the rules. In the wake of the Schrems lawsuit, surveillance under Section 702 of FISA and the functioning of the ombudsperson mechanism are of importance as well. A remaining issue of concern for the EU is the appointment of a permanent ombudsperson, says Sauer.