Privacy Shield is gone but not forgotten.
Adam C. Schlosser, for the International Association of Privacy Professionals (IAPP), writes on why the EU-U.S. Privacy Shield is still a useful data protection governance tool.
“Simply leaving the Privacy Shield program or disregarding its principles would be a mistake, particularly for those organizations that have already built an entire sophisticated compliance program and developed products and services with Privacy Shield in mind.”
Abiding by Privacy Shield principles is still beneficial because:
- Privacy Shield obligations are still binding.
- Privacy Shield still serves as a blueprint towards meeting General Data Protection Regulation (GDPR) obligations, including those covering data minimization, retention, and data subject rights.
- Maintaining a well-built data protection compliance program is not a sunk cost but one that will continue to provide a return on investment.
- Privacy Shield principles may also serve as a form of “supplementary measures.”
- Privacy Shield creates a foundation for compliance with more than GDPR – the Privacy Shield criteria meet or exceed most data privacy regulations.
- Privacy Shield may return in a new form and you’ll be more prepared.