A Step-by-Step Guide to Self-Certification on the Privacy Shield Website

Step 1: Navigating the home page

• On the Privacy Shield website homepage (www.privacyshield.gov), your screen should

look like the one pictured below. Move your cursor to, and click on, “Self-Certify” in the
top left corner (circled in 1A).

(1A)
Step 2: Register

• You should then be taken to a screen to register. (2A)

A. Once here, fill out the requested information and click “Sign Up” in the bottom right
corner. (2B)

(2A)

(2B)

B. You should then receive an email verifying your username for later use. An example
of this email can be seen in 2C.

(2C)
Step 3: Getting started

• Once you have completed Step 2, you should be taken to a screen like the one to the right
below (3A).

A. Read text carefully.

B. Click on the boxes (by red arrows) labeled

“EU-U.S. Privacy Shield” and/or “Swiss- U.S. Privacy Shield”

to indicate with which Framework(s) your

organization self-certifies its compliance.

C. After completing steps A&B click the “Start”

button. (3A)

(3A)
Step 4: Organization Information

• The first step in the self-certification process is to fill out some basic organization
information.

A. In the spaces provided, fill out the requested information then click “Next” in the
bottom right corner. An example is provided below. (4A)

(4A)
Step 5: Contact Information

• The next page should ask you to supply contact information for both an
Organization Contact and an Organization Corporate Officer. The Organization
Contact must be able to respond to individuals within 45 days of receiving a
complaint.

A. Click “New Contact” in the top left corner

(circled in red), and a form requesting
information will drop down. (5A)

B. Click the downward arrow under “Select

a New Contact Role” (highlighted) and
chose either “Organization Contact” or
“Organization Corporate Officer” from the
drop down menu.

C. Then fill out the rest of the information

based on the person of choice and click
“Save”. (5A)

D. Repeat steps A-C, selecting whichever

of the two contacts you did not originally
select in step B.
(5A)

• Once you have filled out and saved both

contacts’ information, your screen should look
similar to that of 5B.

• Click “Next” to continue. (Circled in red)

(5B)
Step 6: Organization Characteristics

• This part of the self-certification process is used to gather information on your

organization’s characteristics. This data will not be made public.

A. Click on the downward arrows on the right side of the screen (highlighted 6A)
to reach the drop-down menu. (6B)
- Select the option that is correct for your organization
B. Then, click on “New Industry” (circled in red) and fill out the drop-down form(6C).
- After you have completed the form, make sure to click “Save”. (Circled in
blue)
C. After filling out all information pertaining to your organization, click “Next”

(6B)

(6C)

(6A)
Step 7: Other Covered Entities

• This stage of the application asks for a list of “all U.S. entities or U.S. subsidiaries of
your organization that are also adhering to the Privacy Shield Principles and are
covered under your organization’s self-certification.”

A. Click “New Covered Entity”

(circled in red)

B. Type the name of the U.S.

entity or U.S. subsidiary in
the drop-down box.

C. Click “Add” (circled in blue)

- If added successfully the
name should appear below
the drop-down box.

D. Repeat steps A– C until all

covered U.S. entities and
U.S. subsidiaries are listed.

E. Once complete click “Next”

(7A)
 Step 8: Covered Data and Dispute Resolution (EU-U.S.)

• This page concerns the type of personal data covered under your EU-U.S. Privacy
Shield certification.
- By clicking on the blue words that read “personal data” at the top of your
screen, you will be redirected to how personal data is defined. (Circled in blue
on 8A)
- On this page you will be prompted to choose whether your organization’s
Privacy Shield commitments cover non-human resources data, human
resources data, or both.

Directions if your organization’s Privacy Shield Commitments cover “Personal data other than human
resources data” under the EU-U.S. Privacy Shield.
A. Read text carefully.
B. Click on the small box to the left of “Personal data other than human resources data”. (By red arrow in 8A)
C. Once you have done this, drop down options should appear. (Exemplified in 8B)
D. Read the text carefully before choosing a recourse mechanism from the “Recourse Mechanism” list provided. (Inside red
box of 8B)
E. If your organization’s chosen mechanism is not listed, click “New Recourse Mechanism” at the bottom of the list. (By
double-sided blue arrow in 8B)
F. This will open up another menu where you can input your mechanism’s name and website. (8C-highlighted in blue)
- Be sure to click “save” after inputing the information.
G. If you designated a recourse mechanism from the list or entered a new option, your selections should appear under
“Selected Mechanisms” on the right side of your screen. (Inside purple box of 8B)

(8B)

(8A) (8C)
 Step 8: Continued

Directions if your organization’s Privacy Shield commitments cover “Human resources data” under the
EU-U.S. Privacy Shield.
A. Read text carefully.
B. Click on the small box to the left of “Human resources data”. (By red arrow in 9A)
C. Click on the small box, marked by a blue arrow in 9A, to agree to cooperate with EU data protection authorities.

(9A)

Whether your organization is covering non-HR or HR data:

A. Type up a brief description regarding the purpose of collecting data for your organization in
the box at the bottom of the screen. (Highlighted in blue-9A)
B. Once you have completed these steps, review your submitted information and click “Next”
Step 9: Covered Data and Dispute Resolution (Swiss-U.S.)

• If, in Step 3, your organization certified its compliance with the Swiss-U.S. Privacy
Shield Framework then continue on with this step.
• For this page, please follow the instructions already laid out in Step 8.
- The only differences between this step and Step 8 are:

1. An organization covering HR data must agree to cooperate with the

Swiss Federal Data Protection and Information Commissioner rather
than EU data protection authorities

2. That there is no box to type up a brief description regarding the

purpose of collecting data for your organization.

- Picture 10A contains a summarized depiction of steps to take to fill out

this form. However, please refer to Step 8 for instructions and
clarification.

(10A)
 Step 10: Enforcement and Verification

• This section asks for the U.S. statutory body that has jurisdiction to investigate claims
against your organization, a list of any privacy programs in which your organization is a
member, your organization’s verification method, and the verification provider.

A. First, at the top of the page, select at least one statutory body listed that has jurisdiction
to investigate claims against your organization. (By red arrows in 11A)

B. Second, directly underneath, list any privacy program in which your organization is a
member. (Highlighted in red 11A)

C. Next, select your organization’s verification method by clicking on the downward

arrow (highlighted in blue 11A) and select an option from the drop down menu
presented in 11B.
- A functioning definition of verification method can be found by clicking
on the words “verification method” (circled in red 11A)

D. Click on your organization’s verification providers to select them from the list supplied
on the bottom left of your screen (Inside red square in 11A)

E. If your organization’s verification provider is not listed- click “New Verification

Provider” at the bottom of the list. (By double-sided blue arrow in 11C)

F. This will open up another menu where you can type your provider’s name and website.
(11C-highlighted in blue)
- Be sure to click “save” after inputting the information.

G. If you designated a verification provider from the list or entered a new option, your
selections should appear under “Selected Verification Providers” on the right side of your
screen. (Inside purple box of 11A)

H. Once you have completed these steps, review your submitted information and- click
“Next”

(11B)

(11C)
(11A)
Step 11: Privacy Policies

• At this stage, you are required to supply information on your organization’s privacy policies.
A. 12A should be what this stage’s beginning screen looks like.
B. Click “New Policy” underneath the text on this page. (circled in red-12A)
C. A form should then drop down, like the one presented in 12B. Enter the
requested information.
- Note, a first-time certifier must provide the Department with a draft
privacy policy that is consistent with the Privacy Shield Framework(s) for
review. To do so, click “Browse” (highlighted in orange-12B) and upload the
relevant policy. Once the Department has determined that the organization’s
submission is otherwise complete, the Privacy Shield team will notify the
organization that it should publish its Privacy Shield-consistent privacy policy,
including a statement that it adheres to the Privacy Shield Principles. The
organization should promptly notify the Privacy Shield team as soon as the
relevant privacy policy is published, at which time the Department will place the
organization’s self-certification on the Privacy Shield List.
D. Once you have completed these steps, make sure to click “Save” (highlighted in
red-12B)
E. Review your submission then click “Next” in the bottom right hand corner.

(12B)

(12A)
Step 12: Submit Payment and Application

• You are now 80% complete with the self-certification process. This page explains your
organization’s administrative fee.

A. You can see what amount your organization owes by looking at the number next
to the words “Application Processing Fee” on the top left corner of your page.
(Circled in red- 13A)

- The amount due is based on your organization’s annual revenue.

B. Make sure to read the text carefully. When you are ready to proceed, click
“Pay” in the bottom right hand corner of your screen. (Highlighted in blue- 13A)

(13A)
Step 13: Selecting a payment method

• The next step is to select a payment method. You have two options:

“I want to pay with a withdrawal from a checking or savings account (ACH)”

Or

“I want to pay with a debit or credit card”

A. Click the circle next to the option you wish to use. (By the red arrows- 14A)

B. Once you have selected an option, click “Continue” (Highlighted in red- 14A)

(14A)
 Step 14: Completing the payment

Directions for filling out the checking or savings option:

A. Fill out each text box with the requested information found to the left of each box.
(A completed page is exemplified in 15B)

- For “Account Type”: Click on the downward arrow (highlighted in blue- 15A) to get to the drop down
menu (shown in 15C).

- From this menu select your account type option.

B. Ensure the submitted information is correct and click “Continue” (Circled in red- 15B)

(15C)

(15A)

(15B)
 Step 14: Continued

Directions for filling out the debit or credit option:

A. Fill out each text box with the requested information found to the left of each box.
(A completed page is exemplified by Picture 16B)

B. Ensure the submitted information is correct and click “Continue” (Circled in red- 16A)

C. On the next page (shown in 16B) ensure the information is correct.

- Be sure to check the box at the bottom of the screen. (Highlighted in orange- 16B)
- Click “Submit”. (Circled in blue- 16B)

(16A)
(16B)
Step 15: Finalizing Payment

A. After submitting your payment information you will be brought to a screen like the one
shown in 17A.
B. To finalize your payment, click on the “Complete Payment” button in the bottom right hand
corner. (Highlighted in blue- 17A)

(17A)
Helpful Resources:

• Previous Button: If you want to return to the previous page for any reason, there is a
“Previous” button in the bottom left corner of every page which will take you back one step.
(Circled in red- 18A)

(18A)

• Assistance Button: If you have a question about something on the application, there is an
“Assistance” button located on the top right corner of every page. (Circled in red- 18B)
- This will take you to a form to fill out regarding your specific question. (18C)
- Click the downward arrow (Highlighted in red- 18C) in the first “Assistance”
part of the form to reach the drop down menu. From here select the type of
issue you are having. (18D)
- Be sure to click “Submit” after completing the form. (Circled in blue- 18C)

(18D)

(18B) (18C)
• For your convenience, the blue bar at the top of the screen indicates what percentage of the
process you have completed. (Highlighted in blue- 18E)

(18E)

• For a more detailed look at the requirements needed to self-certify or the information
referred to in the application, click this link for a How to Join Privacy Shield Guide:
https://www.privacyshield.gov/article?id=How-to-Join-Privacy-Shield-part-1-

• For a Privacy Shield program overview and frequently asked questions refer to this link:
https://www.privacyshield.gov/Program-Overview

• For details on the information required for the self-certification process:

https://www.privacyshield.gov/article?id=Self-Certification-Information