Information Collection for Self-Certification to the EU_U.S. Privacy Shield Framework

Information Collection for Self-Certification to the EU-U.S. Privacy Shield Framework

EU-U.S. PS questionnaire_Post-Withdrawal Data Retention_01-13-2017

Information Collection for Self-Certification to the EU_U.S. Privacy Shield Framework

OMB: 0625-0276

Document [docx]
Download: docx | pdf


Any organization which has withdrawn from the Privacy Shield is required to complete and submit this questionnaire. Organizations that choose to retain personal information received in reliance upon the Privacy Shield by continuing to apply the Privacy Shield Principles to such data must affirm to the Department of Commerce, on an annual basis, their commitment to apply the Principles to such data. Organizations that have returned or deleted all such data or provide “adequate” protection by another authorized means are no longer required to complete and submit this annual questionnaire after they notify the Department of Commerce of this action.



Failure to respond to this request within 30 days may be subject to enforcement action by the Federal Trade Commission, the Department of Transportation, or other enforcement authorities.



Annual Questionnaire for Organizations that Indicated upon Withdrawal that They Would Retain Personal Data Received under the Privacy Shield


  1. Please confirm that: (i) you are authorized to certify on behalf of the organization and its covered entities regarding its continued adherence to the Privacy Shield Principles with regard to all personal data received in reliance upon the Privacy Shield; (ii) the information submitted to the Department of Commerce for purposes of affirming the organization’s adherence to the Principles following withdrawal from the Privacy Shield is accurate and correct; (iii) you understand that misrepresentations in any information provided to the Department may be actionable under the False Statements Act, 18 U.S.C. § 1001; and (iv) you understand that failure to adhere to the Privacy Shield Principles with regard to such personal data may lead to enforcement actions by the relevant enforcement authority.



  1. Please provide the following information concerning the organization that self-certified its adherence to the Privacy Shield Principles:

  1. Organization Name;

  2. Organization Contact (the individual or office within the organization handling complaints, access requests, and any other issues concerning the organization’s compliance with the Privacy Shield Framework);

      1. Name;

      2. Title;

      3. Phone number; and

      4. E-mail address

  1. Organization Corporate Officer (the individual certifying the organization’s compliance with the Privacy Shield Framework);

  1. Name;

  2. Title;

  3. Phone number; and

  4. E-mail address

  1. Mailing Address


  1. Please verify that the personal data received in reliance upon the Privacy Shield, which the organization had indicated at the time of its withdrawal would be retained by the organization, was:

    1. Retained and subjected to the Privacy Shield Principles;

    2. Retained and “adequate” protection for such data was provided by another authorized means; or

    3. Returned or deleted. If so, specify the date by which all such data was returned or deleted.


  1. With respect to any personal data received in reliance upon the Privacy Shield that is retained by the organization, please verify that the organization will:

  1. Retain such data, continue to apply the Privacy Shield Principles to such data, and affirm to the Department of Commerce on an annual basis its commitment to continue to apply the Principles to such data; or

  2. Retain such data and provide “adequate” protection for such data by another authorized means.




File Typeapplication/vnd.openxmlformats-officedocument.wordprocessingml.document
File Modified0000-00-00
File Created2021-01-23

© 2024 OMB.report | Privacy Policy