In the News

April 01, 2021
GDPR / Schrems II Technology: Can Data Protection Compliance Cost Centers be Turned Into Lawful Data Use Profit Centers? EINPresswire Logo

GDPR / Schrems II Technology: Can Data Protection Compliance Cost Centers be Turned Into Lawful Data Use Profit Centers?

BRUSSELS, BELGIUM, April 1, 2021 / -- Five data and privacy experts have urged businesses to anticipate upcoming trends in U.S. data privacy laws if they want to effectively future-proof their organisations. In response to the latest developments around the Schrems II ruling and evolving regulatory challenges for international businesses, spokespeople from leading firms in the sector have discussed an array of key trends including the potential for data protection compliance centers to become lawful data use profit centers by leveraging new technical controls required for Schrems II compliance.

A recent webinar hosted by regulatory intelligence provider, Vixio, brought forward discussions on whether GDPR compliance requirements (as highlighted in Schrems II) for technical controls required for protecting data when in use, can provide a foundation for the various state privacy and consumer rights laws being adopted across the U.S. Additionally, panelists discussed the possibility of data protection compliance centers being transformed into revenue-generating lawful data use profit centres by adopting the necessary technology controls needed to satisfy Schrems II.
In the webinar, five key points were highlighted by the industry leaders:

1. Global Locations Do Not Determine Data Obligations
Sylwester Frazzoni, Editorial Director, Vixio Regulatory Intelligence, highlighted that international obligations transcend where companies are headquartered. Evolving U.S. state laws require European companies to comply if they process specified thresholds of data covered by the laws, regardless of where they are located. Laws like the California Consumer Privacy Act (CCPA) and the new Virginia Consumer Data Protection Act ("VCDPA") require European companies to comply with disparate requirements regardless of where the companies are physically located.

2. More U.S. State Privacy Laws Are Expected in 2021
Nora Gebhardt, Journalist at Vixio Regulatory Intelligence, pointed out that state lawmakers need to send a clear message that they intend to establish consumer data protection rights. She also highlighted that 2021 may well see state privacy laws passed in Washington and Oklahoma, with other states evaluating privacy laws.

3. New Technical Controls Enable Lawful Global Data Objectives
Gary LaFever, CEO & General Counsel at Anonos, Lawful Borderless Data experts, emphasized ( that investments in GDPR compliance could help European companies address compliance with non-EU data protection laws, such as U.S. state privacy laws and other data protection laws that come into force around the globe.
Furthermore, GDPR requirements as highlighted in Schrems II, can protect data when in use to help ensure predictability of operations and ongoing benefits from advanced secondary processing leveraging technology such as cloud-based Analytics and Artificial Intelligence (AI). Gary also highlighted that the technology controls required for enforcing GDPR requirements can turn data protection compliance cost centres into revenue-generating lawful data use profit centres.

4. The Virginia Privacy Law is More GDPR-Like Than California Law
Glenn Brown, Of Counsel at Squire Patton Boggs (, noted the key differences between the recent Virginia Privacy Law and the California Privacy Laws, including how companies under the Virginia Law can benefit from a 30 day cure period which does not exist under the California Laws. He also highlighted the trend of privacy regulatory laws becoming more GDPR-like and the importance of overarching data governance and data management in enabling companies to remain compliant under different U.S. state laws.

5. Digital Obligations Without Boundaries/Privacy is a Brand Value
Jill Reber, General Manager, Data Privacy at Logic 20/20 (, pointed out that digital data has no geographical limitations, and data privacy regulations are not limited to consumers and clients. Consumers pay attention to how companies are using their data and re-evaluating their relationship with the businesses that fail to use it responsibly. Privacy is a brand value that is dependent on trust, and trust itself is increasingly about data handling practices. Therefore, businesses that are thinking about their brand trust in this way will have a competitive advantage over those who do not.

Anonos is a leading provider of state-of-the-art data enablement and protection technology (, offering a range of technology solutions that empower organisations to continue lawful processing of EU data in compliance with Schrems II and other global data sovereignty and localisation laws. For more information, join the Schrems II Linkedin Group with 4,800+ members (


Schrems II Resources:

1) The Board Risk Assessment Framework is now available to view and download at

2) Are you Schrems II Compliant Quiz (in 2 questions):

3) Learn all about Pseudonymisation at

4) Schrems II Knowledge Hub:

5) Anonos:

Liberty Communications
on behalf of Anonos
email us here
Visit us on social media:

This article originally appeared in EINPRESSWIRE. All trademarks are the property of their respective owners. All rights reserved by the respective owners.