Anonos: Lawful Borderless Data

Are you Schrems II compliant?

Find out with just 2 questions

Imagine a world where you don’t have to compromise.

Organisations are now required to implement new technology controls to bring global data transfers and cloud processing into compliance with Schrems II. Our patented technology acts as a technically-enforced Supplementary Measure for data transfers using SCCs, enabling Lawful Borderless Data.

With Anonos, state-of-the-art GDPR-Pseudonymisation technology allows you to protect data in use, comply with regulatory requirements, achieve unparalleled data portability, utility, and accuracy, and establish a defensible position for your organisation.

Words Are Not Enough

Although “words are the lawyer’s tools of the trade”, trying to address Schrems II requirements using words alone will always fail, regardless of whether the words come in the form of revised contracts, new treaties, policies, or digital terms of use.

Organisations focused on updating Standard Contractual Clauses (SCCs) miss the point that words alone cannot make data transfers lawful under Schrems II. It is critical to understand that new technical controls are required in addition to updating SCCs.

Anonos provides new technology that enables Lawful Borderless Data in compliance with Schrems II and global data protection laws.

Read briefing report

Top Misconceptions

There are many misconceptions about the impact of Schrems II, the penalties and exposure for non-compliance, and what organisations must do to move forward. Anonos provides Pseudonymisation-enabled Supplementary Measures to empower organisations to continue processing data in compliance with Schrems II and global data sovereignty and localisation laws.

WHICH PROCESSING CAN I NO LONGER DO?

Two use cases, which represent the majority or global data use and processing, are now unlawful:

Transfer to Cloud Services Providers or Other Processors Which Require Access to Data in the Clear (EDPB Unlawful Use Case 6); and
Remote Access to Data for Business Purposes (EDPB Unlawful Use Case 7)

THERE IS NO GRACE PERIOD FOR COMPLIANCE

No. There is no grace period for complying with Schrems II – the obligation to comply was immediate upon the ruling of the CJEU on 16 July 2020.

WORDS ALONE ARE NOT ENOUGH

SCCs “are not capable of binding the authorities of that third country, since they are not party to the contract.” No political solution to Schrems II will remove the obligation to implement new GDPR-compliant technical controls to reduce the risk of violating data subjects' fundamental rights for international data transfers to be lawful.

This is a Board level issue

Yes. Due to the significant publicity regarding the potential negative effects of Schrems II, lack of corporate change may constitute “wilful blindness to a course of action” or “reckless conduct by knowing of the risk but doing nothing.” This opens Board members and senior executives to potential personal and criminal liability. In addition, auditors have an obligation to report data protection violations to authorities under the International Ethics Standards Board for Accountants (IESBA), and Non-compliance with Laws and Regulations (NOCLAR).

NEW TECHNOLOGY IS REQUIRED

The EDPB has highlighted the transfer of GDPR Pseudonymised data (EDPB Lawful Use Case 2) as lawful. This means that Cloud Processing and Remote Access for Business Purposes (EDPB Unlawful Use Cases 6 and 7) can be made lawful by using GDPR-Pseudonymised data (Lawful Use Case 2).

Anonos BigPrivacy
GDPR-Pseudonymisation Software

BigPrivacy uses GDPR-Pseudonymisation, a technique recommended by the European Data Protection Board (EDPB) for protecting data in use.

BigPrivacy transforms identifying source data into privacy-respectful data assets known as Variant Twins®, using state-of-the-art technical controls. BigPrivacy gives a privacy engineer the tools to create "Privacy Actions" via a graphical user interface (GUI). These Privacy Actions can be adapted for different contexts, uses, and risks.

When data is properly Pseudonymised using BigPrivacy, data is protected during transferring and processing in compliance with Schrems II. This allows you to support SCCs for global data use and cloud processing with recommended technical measures.

We offer a QuickStart program to help get your business covered as soon as possible.

Learn more

Schrems II Knowledge Hub

RESOURCES TO HELP YOU ACHIEVE LAWFUL BORDERLESS DATA

Quick Read Briefings

In-Depth Resources

News

Top 8 Misconceptions

Executive & Board Risk Assessment Framework

New Technology Controls Required

Legal Solutions Guidebook

Webinar: Presenting Risk Exposure to the C-Suite & Board

Anonos Solution Page

Implementation Workshop

Executive Briefing Portal

IDC Report on Schrems II

Pseudonymisation

LinkedIn Group

Schrems II Blog

Top 8 Misconceptions

A number of serious misconceptions about the impact of Schrems II still remain, which makes it hard for organisations to comply.

This PDF download contains an explanation of the Top 8 Misconceptions surrounding Schrems II so that your organisation can eliminate misunderstandings to move forward. Downloadable and web versions are available.

Schrems II Legal Solutions Guidebook

The Schrems II Legal Solutions Guidebook is a critical asset for legal and privacy advisors working on GDPR and Schrems II compliance issues.

The Guidebook, which has been downloaded over 2,200 times, covers the key legal aspects and benefits of SCC-based Schrems II compliance, as well as a checklist, templates, and practical steps for organisations to follow.

Download

Implementation Workshop

Schrems II workshop covering Implementation Roadmap & Legal Benefits, for organisations to understand how to implement Schrems II Supplementary Measures for SCCs. Over 2000 GCs, CPOs, DPOs, and Outside Legal Counsel participated from over 1700 companies across over 50 countries. To ensure you don't miss out on valuable information, a replay of this workshop is available for you.

Watch Replay

Executive Briefing Portal

The Schrems II Executive Briefing Portal was created in response to overwhelming requests from General Counsels and data privacy professionals for additional information. This Portal allows you to explore many critical issues related to Schrems II so you can provide support to your organization and advice to your clients. The Portal contains sections on regulator guidance, Schrems II compliance, general GDPR concepts, and analysis of legal issues.

LinkedIn Group

This Schrems II LinkedIn Group has over 4800 members, with legal, privacy, and data professionals discussing key issues related to this ruling and some of the complications. This community group provides the opportunity to view information, collaborate on solutions, and discuss complex issues with other experts.

JOIN GROUP

Anonos Solution Page

Anonos offers a technology solution that provides technical Supplementary Measures for Schrems II compliance. Explore Anonos GDPR-Pseudonymisation technology, so that you can support your organisation or clients towards a compliant solution. Only Anonos delivers three critical requirements for achieving a Defensible Business Position: Schrems II compliant Supplementary Measures and GDPR-compliant Pseudonymisation to future-proof Standard Contractual Clauses (SCCs).

VIEW SOLUTION

IDC Report on Schrems II

This IDC report explains how Anonos’ BigPrivacy software is well placed to satisfy the Schrems II requirements for appropriate safeguards by creating pseudonymised versions of personal data (Variant Twins).

The IDC report covers the development of Anonos BigPrivacy, use cases, an explanation of Anonos' state-of-the-art Pseudonymisation technology, and market applicability of the solution. Read this IDC report to find out how Anonos technology can help you.

READ REPORT

Schrems II Blog

A timely collection of articles and perspectives that you will not find elsewhere. This content reflects topical issues gleaned from meetings and interactions with companies, regulators, legislators, and non-governmental organisations related to SCC-based compliance with Schrems II requirements.

READ BLOG

Pseudonymisation

Pseudonymisation is at the core of the Data Embassy principles, and is newly-redefined in the GDPR. Find out more about the importance of Pseudonymisation, as recommended by the EDPB as a Schrems II solution for protecting data in use, and how its application can help your organisation.

Executive & Board Risk Assessment Framework

This framework covers the crucial issues we address when working with these organisations to evaluate the ability to establish an immediately defensible position in compliance with Schrems II.

New Technology Controls Required

Relying on “Words Alone” by updating contracts and hoping for treaties produces unsustainable operations because no contract or treaty will remove the need for new technology controls to protect data when in use.

This Briefing covers how Anonos technology solves international cross-border legal challenges, enabling the highest data protection levels, accuracy, and utility on a global scale by complying with recommendations by the EDPB for GDPR-compliant Pseudonymisation.

Webinar: Presenting Risk Exposure to the C-Suite & Board

Schrems II risk mitigation strategies for Boards of Directors and C-Suite, and organisations are critically needed. View this webinar to find out what the risks are, and what steps you need to take next to brief your executive team and board members.

Watch Replay

Back

Find out in just 2 questions

Question 2 of 2

Do you process EU personal data using US cloud services such as AWS, Azure, or GCP?

YES NO

To clarify, does your company use a Third Party SaaS service that in turn uses one of the top US Cloud companies (AWS, Azure, GCP)?

If it does, you should answer YES to the question above. Also, just because you may be using a local EU location for one of these cloud providers, if a US company is the parent company of the cloud provider, you should answer YES to the question above,

If not, click the button below to proceed to the second question. PROCEED

Find out in just 2 questions

Question 1 of 2

Do you provide anyone outside of the EU / EEA / Equivalency Countries with remote access to your EU personal data for business processing purposes? For example, for follow-the-sun analytics, AI or ML processing or support.

YES NO

Back

Thank you for taking the Schrems II compliance quiz.

Enter your details below, and we will email you your answer, As a bonus, we will include our two most popular Schrems II briefing docs:

Top 8 Schrems II Misconceptions and How to Proceed
Information on The Need for Technical Solutions

Enter your details:

By entering your email address, you agree to our

Within the next 3 minutes, you will receive an email with the answer to the quiz and the two briefing documents.

We invite you to watch the 2 minute video below to learn how to make best use of the briefing documents that you will receive.

The video highlights how to put the templates into action in your organization to help brief your C-Suite / Board and colleagues to achieve a defensible position.

Learn more

Presented by

All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

*Schrems II refers to the ruling by the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, commonly referred to publicly as “Schrems II.” Use of "Schrems II" in no way indicates any relationship or affiliation with, or endorsement by, Max Schrems or by the Non-Governmental Organisation, None of Your Business (NOYB), or any parties directly or indirectly associated with Max Schrems or NOYB.

THE NEW TECHNOLOGY SOLUTION FOR LAWFUL BORDERLESS DATA

Transform your data into a state-of-the-art asset using GDPR-Pseudonymisation, allowing secure, borderless innovation lawful in compliance with Schrems II* and global data protection laws.