As a provider of a software solution that enables our customers to manage the health and wellness of their employees and to maintain compliance with occupational health regulations, Enterprise Health complies with Privacy Shield Frameworks regarding the collection, use, and retention of personal information transferred from the European Union member countries, the United Kingdom and Switzerland.
Enterprise Health is a data processor not a data controller, which means many of the provisions of the Privacy Shield Frameworks may not be applicable to us. However, we strongly believe in the benefits of these Frameworks; therefore, each year we go through a process to certify that we adhere to the Privacy Shield Principles with the U.S. Department of Commerce’s International Trade Administration (ITA).
Privacy Shield Frameworks are agreements that allow for the transfer of personal data from the EU to the U.S. There are two frameworks: one between the European Union and the United States and another between Switzerland and the United States. Both were developed by the U.S. Department of Commerce in consultation with the European Commission and the Swiss Government, respectively.
The EU-U.S. Privacy Shield Framework replaced the U.S.-EU Safe Harbor Framework in July 2016. The Swiss-U.S. Privacy Shield Framework replaced the U.S.-Swiss Safe Harbor Framework in January 2017. The Privacy Shield program includes important benefits to U.S.-based organizations, as well as their partners in Europe. These include:
Even though the United Kingdom formally exited the European Union on January 31, 2020, the EU-U.S. Privacy Shield will continue to apply to and in the UK until December 31, 2020.
The GDPR is a law that has specific requirements for companies that handle EU data in any country, not just the U.S. According to GDPR, data transfer may only occur to countries deemed by data protection authorities as having adequate data protection laws. Currently, the U.S. is not generally listed as one of those countries. In short, Privacy Shield allows U.S. companies, or EU companies working with U.S. companies, to meet this requirement of the GDPR.
For more information about GDPR, please refer to the GDPR and Enterprise Health and the GDPR and occupational health blogs.
Enterprise Health has participated in the EU-U.S. Privacy Shield Framework since 2017 and the Swiss-U.S. Privacy Shield Framework since 2018. On the Privacy Shield Framework website, there is a list of all U.S. companies that are participating in Privacy Shield, including the Enterprise Health entry. In addition, there is a link to the Enterprise Health EU-U.S. and Swiss-U.S. Privacy Shield Policy at the bottom of every page on the Enterprise Health website.