"Omer Tene, VP of Research and Education at the IAPP, suggested in an interview with SCMagazine.com that companies may be disinclined to jump through the regulatory hoops required for Privacy Shield certification, with the looming prospect of the courts finding this policy lacking as they did with Safe Harbor. “Companies might be thinking… it may not be worth going through the exercise to begin with,” said Tene.
Moreover, by May 2018 Europe will enforce its General Data Protection Regulation, which could also drastically impact how companies manage the export of their data. “There might be concerns that the Privacy Shield is a stopgap measure which will not satisfy the additional requirements and burdens of GDPR,” Tene explained. According to the IAPP, the three aspects of GDPR compliance that privacy professionals consider to be the most difficult to execute are the right to be forgotten, data portability and explicit consent requirements."