Changes to the EU-US agreements on transatlantic data transmission are accepted. With the updates leading to an adequacy decision for the Privacy Shield, the European Commission further advances US adherence to the General Data Protection Regulation. The regulation comes with increasing territorial scope for the processing of personal data of persons in the EU, and includes the risk of substantial fines. Soon, a Privacy Shield self-certification will be necessary for US organizations which process EU data. Compliance with these requirements may be assisted by privacy by design. In particular, a recent approach to this uses privacy design strategies. Our paper takes this approach and applies it to the Privacy Shield and its suggested changes. It then explores a case study within scope of the Privacy Shield to demonstrate how to apply privacy by design using strategies.