Safe Harbor Framework - Comprehensive Certification Process

Riskpro’s US-EU Safe Harbor Privacy Assessment follows a comprehensive review of the organisation’s privacy policy, procedures and compliance requirements. We ensure that the company is compliant with the 7 principles required by the US Department of Commerce, along with the additional requirements outlined in the FAQs.
Data Collection Procedures – Riskpro reviews the data privacy practices for the website along with the public disclosure of the privacy policy. We understand what information you collect, how it is used and to whom it is transferred in the course of normal business, and carry out many more checks.

At the end of the engagement, we provide a comprehensive gap analysis report along with recommendations to address the gaps. We also help companies get self-certified by developing their policies and procedures.

As per the website, your policy should address the following.

Data Analysis

Analyze data intake flows, data uses, and transfers to third parties

Notice to Customers

  • Determine to whom, and when, notices must be given;
  • Assure notices are drafted accurately and are given at all appropriate times and places; and
  • Determine the manner in which notice is made publicly available


    Provide consumers with the opportunity to opt out or opt in, depending on the nature of the data. Set up appropriate procedures to respect consumers’ opt-out/opt-in requests, particularly with respect to consumers’ requests not to be approached for direct marketing (i.e., an in-house suppression system). Opting out should not require consumers to incur any fee or expense beyond a first-class stamp or phone call.

    Onward Transfer

    Determine the need for contracts with respect to the transfer of information to third parties


    Set up procedures to give customers the ability to access their personal information and to correct it where it is inaccurate


    Set up procedures to ensure that customers’ personal information is protected and secure

    Data Integrity

    Set up procedures to ensure that the customer’s personal information is reliable, accurate, complete, current and used for its intended purposes


  • Refer consumers to your customer service department or other in-house dispute handling program to address their data privacy complaints; and
  • Utilize the DMA Safe Harbor Program as the required independent third-party dispute resolution mechanism to address any unresolved in-house consumer data privacy complaints.


    Establish an annual compliance review process by adhering to either:

  • An internal self-assessment compliance review – you need to develop procedures for periodic objective reviews of compliance with your privacy policy and complaint handling; or
  • An outside third-party assessment review/audit


  • Assure all personnel receive general training in your safe harbor privacy policy. More extensive training should be provided to personnel who have access to or deal with the data; and
  • Modify employee/personnel policies to provide for training and discipline for failure to follow your policy
More Info: Manoj Jain: 9833767114
