You might be wondering: What is safe harbor? Does this apply to my company?
If your company transfers any personal information (name, address, financial, health, or other contact information) from Europe to the United States, or from Switzerland to the United States, then you have to comply with certain international privacy protection laws. These laws apply to both companies “in control” of the data and “those processing data on behalf of.” So if you fall into either of these categories, then the answer is yes — the laws would apply to you.
You can enter into individual “model” contracts with each company/country you do business with. However, if you do business, or expect to, with multiple companies, you should consider self-certifying under the US-EU Safe Harbor Framework and/or the US-Swiss Safe Harbor Framework. It’s an easy online process with the US Department of Commerce in which you adhere to the seven core safe harbor principles and FAQs surrounding data collection, protection, choice, security, and enforcement.
Under this self-certification process, American companies that self-certify must also select a third-party dispute resolution mechanism to serve as a mediator regarding data privacy complaints that qualify under these frameworks. Members can choose to select DMA as their safe harbor dispute resolution mechanism.
Please check out the report DMA just released about the DMA Safe Harbor Program. DMA is here to help member companies navigate the steps they need to take to comply with the safe harbor frameworks and to act as their mediator for any potential complaints.
The DMA Safe Harbor Program serves over 60 participating member companies. To learn more and join this members-only program, please email Lisa Brown Shosteck, DMA Safe Harbor Program Administrator, at firstname.lastname@example.org.