What is Safe Harbor?

In a nutshell, the Safe Harbor program enables certified American companies to safely handle personal and potentially sensitive data from European customers and partners. The European Union imposes strong regulation on the transfer of personal data (under the Data Protection Directive) from European firms to companies in areas outside of the European Economic Area. However, if there is a guarantee that the outside company will provide adequate privacy protection, European firms will then be able to send their data. For companies in the U.S., this "guarantee" is formalized in the U.S.-EU Safe Harbor program in which companies formally agree to meet EU privacy protection standards. Similarly, the United States and Switzerland also provide a Safe Harbor framework for American companies who wish to comply with Swiss data protection laws. Those who wish to apply to U.S. Swiss Safe Harbor in addition to the U.S.-EU Safe Harbor can do so without any extra fee.

Why Should you Consider the Program?

If you are a U.S. company that will deal with handling the data of a European business partner or customer, a Safe Harbor certification is necessary. Typically, when doing business with a European firm, you will be asked about your Safe Harbor compliance.

Steps to Comply With the Program

You can become “Safe Harbor Certified” by following these steps: 1. Apply for an independent recourse mechanism (in our case, we chose the BBB EU Safe Harbor Program, which covers both the EU and Switzerland; there are many others). This is required under the "Enforcement" section of the Safe Harbor privacy principles. 2. Create a privacy policy adhering to Safe Harbor principals and stating company compliance to the program 3. Publish it on the company website 4. Prepare the necessary information: organization information, organization contact, corporate officer information 5. File a form and pay fees for self-certification

What’s Happened in our Case

One of our customer candidates, a European company, was interested in our data integration solutions. Due to the European Union’s Data Protection Directive, the only way we could have been able to conduct business was to certify our compliance with the Safe Harbor program. As a company that works with customer data regularly, we already followed similar privacy policy practices, so becoming certified was a no-brainer to us. It didn’t take long for us to become officially Safe Harbor certified.