Data Privacy Framework (DPF) Services

The Data Privacy Framework (DPF) Program is an approved mechanism to legally transfer (or access) personal data from the EU, the U.K., and Switzerland to the U.S. A key requirement to participate in the DPF Program is the designation of an independent dispute resolution provider, and as the longest-running IRM in the U.S., BBB National Programs is here to help.

Compliance Made Simple

Privacy is both a legal obligation and a critical element of customer service. BBB National Programs delivers cross-border privacy compliance services to U.S. businesses of all sizes. As your Independent Recourse Mechanism (IRM), we provide you with the one-on-one customized support you need.

Our Services

Certification Support

Our team provides DPF Program hands-on assistance to help businesses of all sizes navigate the certification and annual recertification processes seamlessly.

Monitoring

Save time and resources with our year-round compliance assistance, real-time alerts, and monitoring and support services delivering the DPF Program updates, cross-border privacy notices, and timely reminders your team will rely on.

Dispute Resolution

Our unique conciliation-first model to on-demand complaint handling delivers speedy and seamless dispute resolution services, following transparent procedures trusted by consumers and businesses alike.

Handling personal data involves a lot of moving parts. It’s our mission to help you.

The Process

Work with BBB National Programs to prepare for DPF Program self-certification in three easy steps.

Step 1: Sign Up with BBB National Programs

A key requirement to participate in the DPF Program is the designation of an independent dispute resolution provider, and as the longest-running IRM in the U.S., BBB National Programs is here to help.

When completing BBB National Programs’ application, please answer each question to the best of your ability and be sure to have the following available:
  • Contact information (telephone and email addresses) for the company’s primary contact for legal notices and communications, as well as a designated contact for complaints and a billing contact.
  • Your company’s gross annual sales revenue.
  • Your company’s legal name and state of incorporation (this same name must be used when you self-certify with the U.S. Department of Commerce). Add any D/B/A names and any "covered entities"—U.S.-based subsidiaries or affiliates to be covered—in the appropriate fields.

When you complete the application, we will provide you with a letter containing a reference number, fee information, and a completed Participation Agreement for signature. Please read our Rules and Participation Agreement before submitting the application online.

Read the Rules

Step 2: Prepare Your Certification Package

The BBB National Programs team will help you prepare all of the elements you need for DPF Program self-certification, including necessary updates to your privacy policy.

We will:
  • Review your privacy policy and other applicable notices
  • Provide recommendations based on the DPF Principles
  • Confirm that they are accessible to all visitors to your public website

For example, you must state if you will participate in the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, the Swiss-U.S. DPF, or all of the above. We have outlined some of those options on our Privacy Policy Requirements page and will work with you to ensure the new language is applied correctly.

Once your application with BBB National Programs is complete, it is time to self-certify with the U.S. Department of Commerce DPF Program.

Read the Privacy Policy Requirements

Step 3: Self-Certify with the DPF Program

This step should be completed within 30 days of our approval of your application. Maintaining a current annual self-certification with the U.S. Department of Commerce is a requirement for ongoing participation.
  • When completing your self-certification application, you will select BBB National Programs in the “Recourse Mechanism” field drop-down.
  • You will also need to complete all steps listed on the Department of Commerce’s website.

Once your certification submission is complete, the U.S. Department of Commerce will instruct you to post your approved privacy policy to your website. Once you notify the Department of Commerce that your notice is published, they will list your organization on the Data Privacy Framework List.

Self-Certify with Commerce

Data Privacy Framework List

Annual Reporting

BBB National Programs publishes annual Procedure Reports that provide summaries of our program operations throughout the year. In accordance with our obligations as a U.S. Department of Commerce-recognized Independent Recourse Mechanism, our annual procedure reports provide aggregate statistics about our dispute resolution services.

Frequently Asked Questions (FAQs)

What is the Data Privacy Framework Program?

Privacy Shield was recently replaced by the Data Privacy Framework Program, a mechanism for legally transferring personal data from the European Union, the United Kingdom (and Gibraltar), Switzerland, or other participating countries to the United States. Designed by the U.S. Department of Commerce to support transatlantic commerce in coordination with the European Commission, these mechanisms promote greater transparency around international data processing and enable U.S. businesses to demonstrate that their privacy practices meet data protection requirements such as GDPR, including enhanced protections for consumers. Privacy Shield was officially replaced by the Data Privacy Framework Program in July 2023.

What are my rights under the Data Privacy Framework Program?

Among other requirements, a participating organization must provide you:

  • Information on the types of personal data collected;
  • Information on the purposes of collection and use;
  • Information on the type or identity of third parties to which your personal data is disclosed;
  • Choices for limiting use and disclosure of your personal data;
  • Access to your personal data;
  • Notification of the organization’s liability if it transfers your personal data;
  • Notification of the requirement to disclose your personal data in response to lawful requests by public authorities;
  • Reasonable and appropriate security for your personal data;
  • A response to your complaint within 45 days;
  • Cost-free independent dispute resolution to address your data protection concerns; and
  • The ability to invoke binding arbitration to address any complaint that the organization has violated its obligations under the Principles to you and that has not been resolved by other means.

What is the role of BBB National Programs?

For more than 20 years, BBB National Programs, a non-profit organization based in the United States, has operated an approved independent dispute resolution mechanism. We help EU, UK, and Swiss individuals resolve privacy complaints under the Data Privacy Framework Program, and previously under Privacy Shield.

How do I file a complaint against a company?

You can learn more about the steps to file a complaint by visiting this page: For Consumers.

Media & Resources

Book a Consultation