Privacy shield was developed to allow transatlantic cross border data transfers to meet the legislative requirements of the GDPR, replacing the Safe Harbour framework which was incompatible with GDPR. It is important to note that Privacy Shield is not a GDPR compliance mechanism, but only enables participating companies in the USA to meet the EU requirements for transferring personal data to third-party countries.
The mechanism was developed by the US Department of Commerce, European Commission and the Swiss Administration and is administered by the International Trade Administration (ITA) within the U.S. Department of Commerce. This voluntary framework enables U.S.-based organisations to join one of two Privacy Shield programmes in order to benefit from frictionless E.U. and U.S. or U.S. and Swiss data transfers. Although the framework is voluntary, once adopted by an organisation it becomes enforceable under federal law.