Last Published: 1/13/2017
Information Required for Privacy Shield Self-Certification
To expedite the self-certification process, please compile the following information before you log on through the Privacy Shield website to self-certify your organization's compliance with the Privacy Shield Framework.

Organization Information:
  • Organization Name
  • Address
  • City
  • State
  • Zip

Organization Contact: Provide a contact office and individual within your organization for the handling of complaints, access requests, and any other issues concerning your organization’s compliance with the Privacy Shield Framework.
  • Contact Office
  • Contact Name
  • Contact Title
  • Contact E-mail
  • Contact Phone
  • Contact Fax

Organization Corporate Officer: Provide information about the individual certifying your organization’s compliance with the Privacy Shield Framework.  By submitting this self-certification, the corporate officer attests that he/she is authorized to submit the self-certification on behalf of your organization and all entities or subsidiaries indicated below.
  • Corporate Officer Name
  • Corporate Officer Title
  • Corporate Officer E-mail
  • Corporate Officer Phone
  • Corporate Officer Fax

Description of your organization’s activities with respect to all personal data received from the EU and/or Switzerland in reliance on the Privacy Shield:

In addition to your organization, list all entities or subsidiaries of your organization that are also adhering to the Privacy Shield Principles and are covered under your organization’s self-certification.  Note that references to “organization” in this form as well as in the Privacy Shield Principles include all covered entities and subsidiaries listed here. 

What types of personal data does your organization’s Privacy Shield commitment cover?

Note that for purposes of this self-certification form, the term “human resources data” refers to personal data about employees, past or present, collected in the context of the employment relationship. Examples of other types of personal data that could be covered include the following: customer, client, visitor, and clinical trial data.
(select all that apply)
  • Human resources data
  • Personal data other than human resources data

Briefly describe the purposes for which your organization processes personal data in reliance on the Privacy Shield, including the types of personal data processed by your organization (e.g. customer, client, visitor, and clinical trial data) and, if applicable, the type of third parties to which it discloses such personal information.


Independent recourse mechanism(s) available to investigate unresolved complaints:

If your organization wishes its Privacy Shield commitments to cover personal data other than human resources data, on an annual basis you must designate a private sector developed independent recourse mechanism or you may choose to cooperate with the EU Data Protection Authorities (DPA) under the EU-U.S. Privacy Shield Framework or the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework and have the DPA panel or the Swiss Federal Data Protection and Information Commissioner serve as your independent recourse mechanism. Your annual selection will apply to all information received by your organization under the Privacy Shield other than human resources data.
  • If your organization has designated a private sector developed independent recourse mechanism, it must provide this mechanism’s name and website.
If your organization wishes its Privacy Shield commitments to cover human resources data, you must declare your organization's commitment to cooperate with the EU authority or authorities concerned under the EU-U.S. Privacy Shield Framework and/or the Swiss Federal Data Protection and Information Commissioner under the Swiss-U.S. Privacy Shield Framework, in conformity with the Supplemental Principles on Human Resources Data and the Role of the Data Protection Authorities and that you will comply with the advice given by such authorities.


Description of your organization's privacy policy applicable to personal data covered under your organization’s self-certification:

Provide the effective date of your organization's privacy policy applicable to the personal data covered under your organization's self-certification.
  • For personal data other than human resources data: If your organization has a public website, provide the relevant web address where the privacy policy is available. If your organization does not have a public website, provide information regarding where the privacy policy is available for viewing by the general public and upload a copy of the relevant privacy policy, which will be made available on the Privacy Shield website.
  • For human resources data: Although an organization that covers human resources data under its self-certification is not required to make available to the general public the relevant privacy policy that exclusively covers that human resources data, it must provide information regarding where the privacy policy is available for viewing by affected employees and provide a copy of that privacy policy statement to the Department of Commerce. The uploaded copy of that privacy policy will not be viewable by the general public.

Which appropriate statutory body has jurisdiction to investigate claims against your organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy? Note that to be transferred in reliance on the Privacy Shield, personal data must be processed in connection with an activity that is subject to the jurisdiction of at least one appropriate statutory body listed below to investigate.
(select one)
  • Federal Trade Commission
  • Department of Transportation

List any privacy program in which your organization is a member.

What is your organization's verification method?
(select one)
  • self-assessment
  • outside compliance review
    • If your organization has chosen an outside compliance review, it must provide the name and web address for the third party that conducts the review.

Additional Information

Indicate your organization’s annual revenue. This information will be used to determine the fee your organization must pay to self-certify to the Privacy Shield Framework and will not be viewable by the general public.
(select one)
  • Under $5 million
  • Over $5-25 million
  • Over $25-500 million
  • Over $500 million - $5 billion
  • Over $5 billion

Although your organization is not required to do so for purposes of its self-certification, please provide the following information.

Select the industry sector(s) applicable to your organization.  This is for information only but will be disclosed on the Privacy Shield website.
(select all that apply from the list provided online) 

Indicate the number of employees in your organization. This information will not be publicly disclosed on the Privacy Shield website. 
(select one)
  • Fewer than 100
  • 100-250
  • 251-500
  • 501 or more