The Top 3 reasons to register for Privacy Shield right now

September 13, 2016

Are you a US-based organization processing the personal data of European Union citizens? Were you registered under Safe Harbor? Do you think you are still registered under Safe Harbor? Then this short article is for you.

A quick refresher on Privacy Shield and Safe Harbor

The European Union recently ruled that data on EU citizens cannot be transferred or processed in the United States without meeting specified protection criteria. These criteria are set forth in an arrangement known as The Privacy Shield.

The Privacy Shield replaced and invalidated Safe Harbor on August 1, 2016. Safe Harbor was the former personal data sharing arrangement between the European Union (EU) and the United States. Organizations that were previously registered under Safe Harbor can no longer rely on its adequacy and must update their compliance and protection mechanisms.

And now, without further ado, here are the Top 3 reasons your organization should register for Privacy Shield now:

#1: Registering early will earn you some special privileges

Because the folks at the Department of Commerce and the European Union understand that compliance takes time, they have made a good-faith gesture and provided a 9-month-long grace period for companies that register their self-certification by September 30, 2016. This grace period is designed to help organizations get their contracts with 3rd-party data processors in line with the Privacy Shield requirements. (More about that here)

#2: You just don’t want the trouble!

Let’s be brief on this one. If Privacy Shield applies to you (see the quick refresher above) then you’ll basically be breaking the laws of the European Union if you don’t comply. So the sooner you do it the better, because you just don’t want the trouble.

#3: It’s a lot easier than you might think

There is a really great, FREE tool called Whistic (full disclosure, we built it) that can help with Privacy Shield. Whistic was built to help companies complete self-assessments in the context of IT risk assessments, but we recently released a clever workflow designed specifically for Privacy Shield.

Privacy Shield Report Example

If you assess using Whistic you will receive a free gap analysis that highlights what you need to do to achieve compliance. You will also have the option to let Whistic file your Privacy Shield registration with the Department of Commerce and the International Trade Administration for a small fee — think e-filing with TurboTax.

You can check out Whistic’s general offerings by clicking here, or view our dedicated Privacy Shield offering here. Whatever you choose to do, thanks for reading, and feel free to reach out to let us know how we can be of service to you.



Whistic is an award-winning risk assessment and analytics platform that makes it easy for companies to assess service providers or self-assess against compliance and security standards (e.g. PCI DSS). Headquartered in Orem, Utah, at the heart of the Silicon Slopes, Whistic is the creator of the CrowdConfidence™ scoring algorithm, which leverages the wisdom of crowds to assess the residual risk of sharing data with a vendor. Whistic was the recipient of the “Best Enterprise” award at the World’s Largest Startup Event: Launch Festival 2016.
