Imagine a world where you don’t have to compromise.
Organisations are now required to implement technically-enforced Supplementary Measures to bring global data transfers and cloud processing into compliance with Schrems II. Our patented technology acts as a technically-enforced Supplementary Measure for data transfers using SCCs, enabling Lawful Borderless Data.
With Anonos, state-of-the-art technology allows you to protect data in use, comply with regulatory requirements, achieve unparalleled data portability, utility, and accuracy, and establish a defensible position for your organisation moving forward.
A Schrems II Solution is Immediately Available
Watch one minute video
Solve the Challenge of Schrems II
Anonos software achieves the highest level of GDPR and Schrems II compliance while at the same time, enabling the highest value and utility of global data.
90% of organisations* realize they now need a New Defensible Business Positionfor lawful cloud processing and other data transfers
*Participants on a Schrems II webinar on 29/10/20 with 1800+ executives from 1700+ companies across 60+ countries.
Top Schrems II Misconceptions
There are many misconceptions about the impact of Schrems II, the penalties and exposure for non-compliance, and what organisations must do to move forward. Anonos provides Pseudonymisation-enabled Supplementary Measures to empower organisations to continue processing data in compliance with Schrems II and global data sovereignty and localisation laws.
There is no grace period for compliance
No. There is no grace period for complying with Schrems II – the obligation to comply was immediate upon the ruling of the CJEU on 16 July 2020.
Modifying SCCs is not enough
No. Updating SCCs is not enough. SCCs “are not capable of binding the authorities of that third country, since they are not party to the contract.” Schrems II requires the implementation of technically-enforced Supplementary Measures for transfers to non-EEA / equivalency countries to be lawful.
This is a Board level issue
Yes. Due to the significant publicity regarding the potential negative effects of Schrems II, lack of corporate change may constitute “wilful blindness to a course of action” or “reckless conduct by knowing of the risk but doing nothing.” This opens Board members and senior executives to potential personal and criminal liability. In addition, auditors have an obligation to report data protection violations to authorities under the International Ethics Standards Board for Accountants (IESBA), and Non-compliance with Laws and Regulations (NOCLAR).
A solution is available
The EDPB has highlighted the transfer of GDPR Pseudonymised data (EDPB Lawful Use Case 2) as lawful. This means that Cloud Processing and Remote Access for Business Purposes (EDPB Unlawful Use Cases 6 and 7) can be made lawful by using GDPR-Pseudonymised data (Lawful Use Case 2).
Which processing can I no longer do?
Two use cases, which represent the majority or global data use and processing, are now unlawful:
Transfer to Cloud Services Providers or Other Processors Which Require Access to Data in the Clear (EDPB Unlawful Use Case 6); and
Remote Access to Data for Business Purposes (EDPB Unlawful Use Case 7)
Resources to Help You Achieve Lawful Borderless Data:
Top 8 Misconceptions
Legal Solutions Guidebook
Executive Briefing Portal
IDC Report on Schrems II
Schrems II Blog
Top 8 Misconceptions
A number of serious misconceptions about the impact of Schrems II still remain, which makes it hard for organisations to comply.
This PDF download contains an explanation of the Top 8 Misconceptions surrounding Schrems II so that your organisation can eliminate misunderstandings to move forward. Downloadable and web versions are available.
The Schrems II Legal Solutions Guidebook is a critical asset for legal and privacy advisors working on GDPR and Schrems II compliance issues.
The Guidebook, which has been downloaded over 2,200 times, covers the key legal aspects and benefits of SCC-based Schrems II compliance, as well as a checklist, templates, and practical steps for organisations to follow.
Schrems II workshop covering Implementation Roadmap & Legal Benefits, for organisations to understand how to implement Schrems II Supplementary Measures for SCCs. Over 2000 GCs, CPOs, DPOs, and Outside Legal Counsel participated from over 1700 companies across over 50 countries. To ensure you don't miss out on valuable information, a replay of this workshop is available for you.
The Schrems II Executive Briefing Portal was created in response to overwhelming requests from General Counsels and data privacy professionals for additional information. This Portal allows you to explore many critical issues related to Schrems II so you can provide support to your organization and advice to your clients. The Portal contains sections on regulator guidance, Schrems II compliance, general GDPR concepts, and analysis of legal issues.
This Schrems II LinkedIn Group has over 4200 members, with legal, privacy, and data professionals discussing key issues related to this ruling and some of the complications. This community group provides the opportunity to view information, collaborate on solutions, and discuss complex issues with other experts.
Anonos offers a technology solution that provides technical Supplementary Measures for Schrems II compliance. Explore Anonos GDPR-Pseudonymisation technology, so that you can support your organisation or clients towards a compliant solution. Only Anonos delivers three critical requirements for achieving a Defensible Business Position: Schrems II compliant Supplementary Measures and GDPR-compliant Pseudonymisation to future-proof Standard Contractual Clauses (SCCs).
This IDC report explains how Anonos’ BigPrivacy software is well placed to satisfy the Schrems II requirements for appropriate safeguards by creating pseudonymised versions of personal data (Variant Twins).
The IDC report covers the development of Anonos BigPrivacy, use cases, an explanation of Anonos' state-of-the-art Pseudonymisation technology, and market applicability of the solution. Read this IDC report to find out how Anonos technology can help you.
A timely collection of articles and perspectives that you will not find elsewhere. This content reflects topical issues gleaned from meetings and interactions with companies, regulators, legislators, and non-governmental organisations related to SCC-based compliance with Schrems II requirements.
Pseudonymisation is at the core of the Data Embassy principles, and is newly-redefined in the GDPR. Find out more about the importance of Pseudonymisation, as recommended by the EDPB as a Schrems II solution for protecting data in use, and how its application can help your organisation.
Anonos is cool because its patented technology creates re-linkable non-identifying personalized data called Variant Twins that enable compliant analytics, ML, AI and data sharing.
The added value from the Anonos solution is that we can share insights with intergroup entities, by only sharing the insights and not the identity behind the insights. This allows innovative cooperation, and no problems with the GDPR.
We believe Anonos is well-positioned with its state-of the-art pseudonymisation capabilities and granular protection control settings to capitalize on demand for privacy-preserving data analytics.
Anonos technology enables technical enforcement of policies to break apart the silos that plague companies, allowing knowledge transfer in a privacy-respectful yet information-rich manner.
Anonos is more than GDPR compliance technology. It engineers privacy into solutions to enable lawful analytics and big data.
SCC Supplementary Measures Exist