
Self-Certifying at PrivacyShield.gov


The International Trade Administration of the United States Department of Commerce has provided a Privacy Shield framework that enables American organizations to self-certify that they comply with the data protection requirements in effect in the European Union. The Privacy Shield continues as a valid data transfer mechanism after the GDPR came into effect on May 25, 2018. Organizations can self-certify at www.privacyshield.gov. The process involves the following steps:

1. U.S. businesses have to be under the jurisdiction of the FTC or the Department of Transportation.

2. Prepare a privacy policy that specifically states that the organization adheres to the Privacy Shield Principles and that includes a link to www.privacyshield.gov. The privacy policy must be made available. Organizations with a web site must include a link to where the policy can be viewed.

3. An Independent Recourse Mechanism must exist to resolve complaints about non-compliance at no cost to the individual.

4. Fees must be paid to the International Centre for Dispute Resolution-American Arbitration Association to handle arbitrations brought by EU citizens.

5. Organizations may verify that they are in compliance through a self-assessment or by engaging a third party.

6. A contact must be designated to handle any complaints or questions about the Privacy Shield.

7. The information needed to self-certify should be reviewed.

8. The self-certification must be submitted to the Department of Commerce.

