Schrems II Knowledge Hub Resources Company Contact
Company
About Us Our People Awards Contact Patents

THE NEW TECHNOLOGY SOLUTION FOR LAWFUL BORDERLESS DATA

Transform your data into a state-of-the-art asset using GDPR-Pseudonymisation, allowing secure, borderless innovation lawful in compliance with Schrems II* and global data protection laws.

Our Software
 
Are you Schrems II compliant?
Find out with just 2 questions
Take the Quiz
Imagine a world where you don’t have to compromise.
Organisations are now required to implement new technology controls to bring global data transfers and cloud processing into compliance with Schrems II. Our patented technology acts as a technically-enforced Supplementary Measure for data transfers using SCCs, enabling Lawful Borderless Data.

With Anonos, state-of-the-art GDPR-Pseudonymisation technology allows you to protect data in use, comply with regulatory requirements, achieve unparalleled data portability, utility, and accuracy, and establish a defensible position for your organisation.
Words Are Not Enough
Although “words are the lawyer’s tools of the trade”, trying to address Schrems II requirements using words alone will always fail, regardless of whether the words come in the form of revised contracts, new treaties, policies, or digital terms of use.

Organisations focused on updating Standard Contractual Clauses (SCCs) miss the point that words alone cannot make data transfers lawful under Schrems II. It is critical to understand that new technical controls are required in addition to updating SCCs.

Anonos provides new technology that enables Lawful Borderless Data in compliance with Schrems II and global data protection laws.
Read briefing report
Top Misconceptions
There are many misconceptions about the impact of Schrems II, the penalties and exposure for non-compliance, and what organisations must do to move forward. Anonos provides Pseudonymisation-enabled Supplementary Measures to empower organisations to continue processing data in compliance with Schrems II and global data sovereignty and localisation laws.
WHICH PROCESSING CAN I NO LONGER DO?
Two use cases, which represent the majority or global data use and processing, are now unlawful:
  • Transfer to Cloud Services Providers or Other Processors Which Require Access to Data in the Clear (EDPB Unlawful Use Case 6); and
  • Remote Access to Data for Business Purposes (EDPB Unlawful Use Case 7)
THERE IS NO GRACE PERIOD FOR COMPLIANCE
No. There is no grace period for complying with Schrems II – the obligation to comply was immediate upon the ruling of the CJEU on 16 July 2020.
WORDS ALONE ARE NOT ENOUGH
SCCs “are not capable of binding the authorities of that third country, since they are not party to the contract.” No political solution to Schrems II will remove the obligation to implement new GDPR-compliant technical controls to reduce the risk of violating data subjects' fundamental rights for international data transfers to be lawful.
This is a Board level issue
Yes. Due to the significant publicity regarding the potential negative effects of Schrems II, lack of corporate change may constitute “wilful blindness to a course of action” or “reckless conduct by knowing of the risk but doing nothing.” This opens Board members and senior executives to potential personal and criminal liability. In addition, auditors have an obligation to report data protection violations to authorities under the International Ethics Standards Board for Accountants (IESBA), and Non-compliance with Laws and Regulations (NOCLAR).
NEW TECHNOLOGY IS REQUIRED
The EDPB has highlighted the transfer of GDPR Pseudonymised data (EDPB Lawful Use Case 2) as lawful. This means that Cloud Processing and Remote Access for Business Purposes (EDPB Unlawful Use Cases 6 and 7) can be made lawful by using GDPR-Pseudonymised data (Lawful Use Case 2).
Anonos BigPrivacy
GDPR-Pseudonymisation Software
BigPrivacy uses GDPR-Pseudonymisation, a technique recommended by the European Data Protection Board (EDPB) for protecting data in use.

BigPrivacy transforms identifying source data into privacy-respectful data assets known as Variant Twins®, using state-of-the-art technical controls. BigPrivacy gives a privacy engineer the tools to create "Privacy Actions" via a graphical user interface (GUI). These Privacy Actions can be adapted for different contexts, uses, and risks.

When data is properly Pseudonymised using BigPrivacy, data is protected during transferring and processing in compliance with Schrems II. This allows you to support SCCs for global data use and cloud processing with recommended technical measures.

We offer a QuickStart program to help get your business covered as soon as possible.
Learn more
Schrems II Knowledge Hub
RESOURCES TO HELP YOU ACHIEVE LAWFUL BORDERLESS DATA
Quick Read Briefings
In-Depth Resources
News
Top 8 Misconceptions
Executive & Board Risk Assessment Framework
New Technology Controls Required
Legal Solutions Guidebook
Webinar: Presenting Risk Exposure to the C-Suite & Board
Anonos Solution Page
Implementation Workshop
Executive Briefing Portal
IDC Report on Schrems II
Pseudonymisation
LinkedIn Group
Schrems II Blog
Top 8 Misconceptions
A number of serious misconceptions about the impact of Schrems II still remain, which makes it hard for organisations to comply.

This PDF download contains an explanation of the Top 8 Misconceptions surrounding Schrems II so that your organisation can eliminate misunderstandings to move forward. Downloadable and web versions are available.
READ MORE
Schrems II Legal Solutions Guidebook
The Schrems II Legal Solutions Guidebook is a critical asset for legal and privacy advisors working on GDPR and Schrems II compliance issues.

The Guidebook, which has been downloaded over 2,200 times, covers the key legal aspects and benefits of SCC-based Schrems II compliance, as well as a checklist, templates, and practical steps for organisations to follow.
Download
Implementation Workshop
Schrems II workshop covering Implementation Roadmap & Legal Benefits, for organisations to understand how to implement Schrems II Supplementary Measures for SCCs. Over 2000 GCs, CPOs, DPOs, and Outside Legal Counsel participated from over 1700 companies across over 50 countries. To ensure you don't miss out on valuable information, a replay of this workshop is available for you.
Watch Replay
Executive Briefing Portal
The Schrems II Executive Briefing Portal was created in response to overwhelming requests from General Counsels and data privacy professionals for additional information. This Portal allows you to explore many critical issues related to Schrems II so you can provide support to your organization and advice to your clients. The Portal contains sections on regulator guidance, Schrems II compliance, general GDPR concepts, and analysis of legal issues.
REGISTER FOR ACCESS
LinkedIn Group
This Schrems II LinkedIn Group has over 4800 members, with legal, privacy, and data professionals discussing key issues related to this ruling and some of the complications. This community group provides the opportunity to view information, collaborate on solutions, and discuss complex issues with other experts.
JOIN GROUP
Anonos Solution Page
Anonos offers a technology solution that provides technical Supplementary Measures for Schrems II compliance. Explore Anonos GDPR-Pseudonymisation technology, so that you can support your organisation or clients towards a compliant solution. Only Anonos delivers three critical requirements for achieving a Defensible Business Position: Schrems II compliant Supplementary Measures and GDPR-compliant Pseudonymisation to future-proof Standard Contractual Clauses (SCCs).
VIEW SOLUTION
IDC Report on Schrems II
This IDC report explains how Anonos’ BigPrivacy software is well placed to satisfy the Schrems II requirements for appropriate safeguards by creating pseudonymised versions of personal data (Variant Twins).

The IDC report covers the development of Anonos BigPrivacy, use cases, an explanation of Anonos' state-of-the-art Pseudonymisation technology, and market applicability of the solution. Read this IDC report to find out how Anonos technology can help you.
READ REPORT
Schrems II Blog
A timely collection of articles and perspectives that you will not find elsewhere. This content reflects topical issues gleaned from meetings and interactions with companies, regulators, legislators, and non-governmental organisations related to SCC-based compliance with Schrems II requirements.
READ BLOG
Pseudonymisation
Pseudonymisation is at the core of the Data Embassy principles, and is newly-redefined in the GDPR. Find out more about the importance of Pseudonymisation, as recommended by the EDPB as a Schrems II solution for protecting data in use, and how its application can help your organisation.
READ MORE
Executive & Board Risk Assessment Framework
This framework covers the crucial issues we address when working with these organisations to evaluate the ability to establish an immediately defensible position in compliance with Schrems II.
READ MORE
New Technology Controls Required
Relying on “Words Alone” by updating contracts and hoping for treaties produces unsustainable operations because no contract or treaty will remove the need for new technology controls to protect data when in use.

This Briefing covers how Anonos technology solves international cross-border legal challenges, enabling the highest data protection levels, accuracy, and utility on a global scale by complying with recommendations by the EDPB for GDPR-compliant Pseudonymisation.
READ MORE
Webinar: Presenting Risk Exposure to the C-Suite & Board
Schrems II risk mitigation strategies for Boards of Directors and C-Suite, and organisations are critically needed. View this webinar to find out what the risks are, and what steps you need to take next to brief your executive team and board members.
Watch Replay