Where do I start?



Determine whether your business is covered by the US-EU Safe Harbor Framework.  To be eligible to participate in the Safe Harbor, you must answer “yes” to both of the following questions:

  • Do your business practices fall under the jurisdiction of the Federal Trade Commission (FTC) or the Department of Transportation (DoT)?  If you are uncertain as to whether your organization falls within the jurisdiction of either the FTC or the DoT, it is recommended that you contact those agencies for further guidance.
  • Are you a US organization that receives or processes personally identifiable information either directly or indirectly from Europe (including all EU member states plus Iceland, Norway, Liechtenstein); or are you a subsidiary or affiliate that processes this information in the US?

It is important to note that BBB EU Safe Harbor does not offer dispute resolution services for issues relating to the transfer of human resources data. However, the transfer of such data does fall under the Safe Harbor Framework. For additional information, please refer to the Department of Commerce's FAQ #9.


Complete the BBB EU Safe Harbor application. To complete the application, you will be asked to provide contact information for a primary contact for notices and communications, as well as complaint and billing contacts.  You will also need to know your sales revenue.  Please read the Rules document and Participation Agreement before submitting the application online.

On completing the application, we will provide you with a reference number and an annual fee amount based on our fee schedule for your business’s participation in the program. You will also receive a cover letter containing this information and a completed Participation Agreement to be signed by your a corporate officer with signatory authority. 


Create or modify your privacy notice and internal privacy policy to conform to the seven Safe Harbor Privacy Principles.  Your privacy notice must specifically reference your organization’s adherence to the Safe Harbor Principles and must be available to the public.  You must reference your participation in BBB EU Safe Harbor and provide our contact information for complaints. Suggested language can be found here.  Please read the Department of Commerce Guide to Self-Certification for sample privacy notices and additional information. 


Mail your check made out to the Council of Better Business Bureaus, signed Agreement, and a copy of your draft privacy notice to the address provided.  Your application will be reviewed. If any additional information is required we will contact you. Please note that your privacy notice must meet the minimum requirements set out in Step 3 before we can accept your application.  Once the review process is complete you will receive an email notification indicating that your company has been accepted into the program.


Self-certify with the Department of Commerce. To be assured of safe harbor benefits, please self-certify with the Department of Commerce within 30 days of our approval of your application. Your company's name will not appear on our online list of BBB EU Safe Harbor participants until your company is on the Department of Commerce Safe Harbor list. You may complete your self-certification online at www.export.gov/safeharbor.  Please review our checklist of the information you will need for self-certification.

Important: In the DOC’s “independent recourse mechanism” field, please state “BBB EU Safe Harbor” and link to our Web page for consumers: www.bbb.org/us/safe-harbor-complaints.  Please do not list the BBB under “privacy program” (you may simply indicate “none” for this field as none is required).  After completing the self-certification, you may follow the instructions for displaying the DOC’s EU Safe Harbor certification mark on your Web site.

Apply Now