Achieved Compliance is pleased to announce that it has been approved to participate in the EU-U.S. “Privacy Shield” program. The Privacy Shield provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. The Privacy Shield updates the Safe Harbor regime that had supported data flows between the jurisdictions since 2000.

As a participant in the Privacy Shield, Achieved Compliance meets all EU legal requirements for protection of data about EU citizens. Companies that use Achieved Compliance software and services can rest assured that we are committed to protecting data and have in place a governance program that ensures that we safeguard data and process it responsibly. Achieved Compliance also dedicates resources to data protection oversight within the company and to addressing consumer concerns should they arise.

Failing to live up to these commitments would open Achieved Compliance to enforcement by the U.S. Federal Trade Commission. But Privacy Shield participation is about more than compliance – it’s also about trust. We understand that when it comes to data, trust is essential to our business – and yours. You can trust that when you share your data with Achieved Compliance it enjoys the highest levels of protection.

Participation in the Privacy Shield Program is an important tool – not just for Achieved Compliance, but for any company that wishes to move personal data legally from the EU to the U.S. The transparency, privacy impact assessments, and recourse mechanisms – among other Privacy Shield requirements – are essential to regimes around the world that support the uninterrupted, legal flows of data that promote business success.

Therefore, when companies meet the requirements of the Privacy Shield, they take steps toward compliance with other laws and frameworks – including the EU’s General Data Protection Regulation, which comes into effect in May 2018. They also position themselves for participation in the Asia Pacific Economic Cooperation (APEC) Privacy Framework, which supports movement of data across the APEC region. While other mechanisms for these transfers exist in the form of model contract clauses, the Privacy Shield enables legal transfer of data more quickly and without the extensive paperwork.

EU law allows movement of data only to jurisdictions that provide data protection deemed “adequate” by the EU. The EU has not found United States privacy law to be adequate. However, recognizing the importance of data flows between the EU and the U.S., the Department of Commerce and the European Commission designed the Privacy Shield to support the movement of data.

Companies that participate in the Privacy Shield must self-certify to the Department of Commerce and publicly commit to comply with the Framework’s requirements. Companies must, for example, provide consumers with dispute resolution, inform the public if the company has been the subject of an enforcement action, and cooperate with the Department of Commerce when it requests information about the company’s adherence to Privacy Shield requirements. For more information about Privacy Shield, click here.

Joining the Privacy Shield is voluntary. However, once an eligible organization makes the public commitment to comply with the Framework’s requirements, the commitment is enforceable under U.S. law. The companies that participate are listed on the Department of Commerce website.

On January 12, 2017, the Swiss Government also announced the approval of the Swiss-U.S. Privacy Shield Framework as a valid legal mechanism to comply with Swiss requirements when transferring personal data from Switzerland to the United States.


Achieved Compliance – helping you navigate the complex world of data compliance.

Through its software-guided review and remediation process, education tools and representation services, Achieved Compliance makes it possible for companies to take all the steps needed for meaningful compliance that meets regulators’ expectations.

For more information as to how we can help your organization be GDPR compliant please contact