Extract from article from Bryan Cave
In order to rely on the Privacy Shield, employers who handle an EU individual’s personal data must make the following updates to their publicly-available privacy policies:
1. Include a statement of the employer’s participation in the Privacy Shield framework.
2. Provide a hyperlink to the Privacy Shield List.
3. Include a statement of the individual’s right to access his or her personal data.
4. Include a statement that the employer may be responsible for disclosures of information to third parties acting on its behalf.
5. Identify the independent dispute resolution body that is available to investigate and resolve complaints from individuals. Examples of independent resolution bodies include alternative dispute resolution providers based in the U.S. or EU or a dispute resolution panel established by the EU data protection authorities.
6. Provide a hyperlink to the complaint submission form for the independent dispute resolution body.
7. Include a statement that the employer is subject to the authority of relevant regulatory bodies and that it may be required to disclose personal information in response to lawful requests made by regulators or law enforcement.