Anonos | RESOURCES

TED Talk Big Data Needs BigPrivacy

TED Talk
Big Data Needs BigPrivacy

Data is an industry. Our data is a multi-billion dollar industry. They don’t call it Big Data for nothing!

UPDATED Schrems II Top 5 FAQs for Lawful Cloud Processing

UPDATED Schrems II Top 5 FAQs for Lawful Cloud Processing

Answers to the following Top 5 FAQs are provided below

Embracing Heightened Standards for Anonymisation and Pseudonymisation

Embracing Heightened Standards for Anonymisation and Pseudonymisation

We believe that embracing heightened Pan-European standards for anonymisation and pseudonymisation will enable the UK to better succeed in its goal of establishing an ambitious, pro-growth and innovation-friendly data protection regime that underpins the trustworthy use of data to “unleash everything from new business models to informing pandemic response and helping achieve net-zero climate goals.”

Unleashing The Power Of Data

Unleashing The Power Of Data

Data has the potential to unleash everything from new business models to informing pandemic response and helping achieve net-zero climate goals but the fact that there is no global consensus on how to handle it is limiting its use.

After Schrems II and the Amazon Fine: Overcome GDPR Compliance Challenges and Achieve Innovation Breakthroughs with GDPR Pseudonymisation

After Schrems II and the Amazon Fine: Overcome GDPR Compliance Challenges and Achieve Innovation Breakthroughs with GDPR Pseudonymisation

In a recent article, Processing Identifying Data is Unlawful in Many Situations, compelling arguments have been presented for why GDPR Pseudonymisation is the state-of-the-art solution for GDPR-compliant processing of data that is exposed to

Identifying Data Maybe Unlawful ; GDPR Pseudonymisation is State of-the-Art for Mitigating “Cloud Risk” and “Lawfulness of Processing Risk”

Identifying Data Maybe Unlawful ; GDPR Pseudonymisation is State of-the-Art for Mitigating “Cloud Risk” and “Lawfulness of Processing Risk”

Processing Identifying Data is Unlawful in Many Situations; GDPR Pseudonymisation is State of-the-Art for Mitigating “Cloud Risk” and “Lawfulness of Processing Risk” Without Losing Value

World Economic Forum Highlights Benefits of GDPR Pseudonymisation for Fourth Industrial Revolution (4IR)

World Economic Forum Highlights Benefits of GDPR Pseudonymisation for Fourth Industrial Revolution (4IR)

The World Economic Forum highlights the benefits of GDPR Pseudonymisation for transforming global economies.

Data marketplaces can transform economies. Here’s how

Data marketplaces can transform economies. Here’s how

As the power source for today’s businesses and technologies, data has the potential to ignite unparalleled progress for people and the planet – from innovations in digital identity to informing pandemic response and even getting us closer to net-zero climate goals.

Avoid Schrems II Disruptions to Data Supply Chains Top 5 Requirements

Avoid Schrems II Disruptions to Data Supply Chains
Top 5 Requirements

Top 5 Requirements to Avoid Schrems II Disruptions to Data Supply Chains

Top 10 Immediate Requirements for Surviving and Thriving Under Schrems II

Top 10 Immediate Requirements for Surviving and Thriving Under Schrems II

Anonos' webinar with 3200+ from 2300+ companies and 50+ countries inspired an updated Snakes and Ladders game highlighting the benefits of "moving forward" versus "backwards" with the Top 10 Immediate Requirements for Surviving and Thriving under Schrems II.

Webinar Replay: Schrems II Webinar: Survive & Thrive Under Schrems II

Webinar Replay: Schrems II Webinar: Survive & Thrive Under Schrems II

Two-hour webinar on Surviving and Thriving under Schrems II

Two-hour webinar on Surviving and Thriving under Schrems II

As noted in Magali's article, countries and companies on both sides of the Atlantic must comply with Schrems II requirements - which have no grace period for enforceability - until the Judicial, Executive and Legislative branches of both the EU and the US governments reconcile fundamental conflicts between how the US and the EU recognise and enforce privacy rights.

New EU-US Trade and Technology Council Must Abide by Schrems II Requirements to be Lawful, Sustainable & ESG Compliant

New EU-US Trade and Technology Council Must Abide by Schrems II Requirements to be Lawful, Sustainable & ESG Compliant

Anonos, a leading provider of state-of-the-art data enablement and protection technology, has today commented on an upcoming EU-US technology and trade partnership in the context of the Court of Justice of the European Union (CJEU) “Schrems II” (1) ruling, the Standard Contractual Clauses (SCCs) announced on 4th June by the European Commission (EC) and the finalisation by the European Data Protection Board (EDPB) of Schrems II guidelines, expected on 18th June.

New SCCs Impose Joint & Several Liability & Require Surveillance Proof Technical Controls. Are You Ready to Comply? NOW?

New SCCs Impose Joint & Several Liability & Require Surveillance Proof Technical Controls. Are You Ready to Comply? NOW?

When announcing the European Commission's new Standard Contractual Clauses (SCCs), Justice Commissioner Didier Reynders highlighted the need to “guarantee the highest possible level of legal security” for GDPR-compliant international data transfers. He emphasised that companies are required to implement safeguards that prevent the attribution of data to specific individuals without the use of additional information to protect personal data from the risk of foreign government surveillance.

DPAs and NOYB Asking Questions on Schrems II Supplementary Measures - How Do You Answer? (Infographic)

DPAs and NOYB Asking Questions on Schrems II Supplementary Measures - How Do You Answer? (Infographic)

A German task force, composed of the Bavarian and other data protection supervisory authorities, has initiated Schrems II enforcement investigations by sending questionnaires to data controllers. Here is an unofficial translation of the Bavarian DPA press release announcing the investigation and a copy of the questionnaire targeting Intra-Group Data Traffic.

Schrems II Threats to “Data Supply Chains” Present an Immediate Risk to Your Business Continuity

Schrems II Threats to “Data Supply Chains” Present an Immediate Risk to Your Business Continuity

Hundreds of registrants to the upcoming Final EDPB Guidance Schrems II Cross-Border Data Flows webinar have acknowledged that they are already facing business continuity risks and risks to data supply chains as a result of Schrems II.

10 TRUTHS ABOUT GDPR PSEUDONYMISATION

10 TRUTHS ABOUT GDPR PSEUDONYMISATION

Few concepts within the GDPR are as misunderstood as Pseudonymisation.[1] For example, despite common belief to the contrary, the benefits of GDPR-compliant Pseudonymisation extend well beyond preventing unauthorised use of personal data.

Irish High Court Affirms Schrems II

Irish High Court Affirms Schrems II

The Irish High Court has now confirmed that the Irish Data Protection Commission (DPC) is required to implement the Court of Justice of the European Union (CJEU) decision in Schrems II, specifically with regard to the transfer of Facebook data from the EU to the US.

TOP TEN TRUTHS ABOUT GDPR PSEUDONYMISATION

TOP TEN TRUTHS ABOUT GDPR PSEUDONYMISATION

My name is Steffen Weiss. I'm the Legal Counsel for the German Association for Data Protection and Data Security (GDD). We are dealing with Pseudonymisation in our Code of Conduct on Pseudonymisation and trying to get the approval for our Code of Conduct to enable controllers and processors to successfully pseudonymise personal data under the GDPR.

New European Parliament Motion Urges Review of Data Protection Practices

New European Parliament Motion Urges Review of Data Protection Practices

The methods and purposes of data processing have changed dramatically over the past several decades

Anonos Becomes World Economic Forum Global Innovator as a Fourth Industrial Revolution Data Protection Technology Expert

Anonos Becomes World Economic Forum Global Innovator as a Fourth Industrial Revolution Data Protection Technology Expert

Anonos, a leading provider of state-of-the-art data enablement and protection technology, announced today that it has become an official member of the World Economic Forum Global Innovators Community, serving as a Data Protection Technology expert for the Fourth Industrial Revolution.

Anonos Joins World Economic Forum Innovation Community to Enable Data Protection Evolution

Anonos Joins World Economic Forum Innovation Community to Enable Data Protection Evolution

Anonos has become an official member of the World Economic Forum (WEF) Global Innovators community, serving as a key contributor on Fourth Industrial Revolution (4IR) technology projects to embed verifiable controls to enable trusted data flows. These projects are critical steps in enabling data protection to evolve in a way that supports shifting data use patterns.

European Parliament Highlights the Need for More Effective Data Protection to Comply with GDPR and Schrems II Requirements

European Parliament Highlights the Need for More Effective Data Protection to Comply with GDPR and Schrems II Requirements

The EU Parliament highlights that organisations can no longer rely on simple "data housekeeping" practices alone; instead, they must shift towards advanced data protection approaches — such as GDPR Pseudonymisation — to control Big Data use.

European Parliament Motion Highlights Urgent Need for a Review of Data Protection Practices in the wake of Schrems II

European Parliament Motion Highlights Urgent Need for a Review of Data Protection Practices in the wake of Schrems II

Organisations can no longer rely on simple “data housekeeping” practices alone to satisfy data protection practices required by GDPR and Schrems II legislation (https://www.reuters.com/article/us-facebook-privacy-eu/big-u-s-tech-firms-fail-to-comply-with-curb-on-europe-data-transfers-schrems-idUSKBN26J1CP), according to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs (LIBE).

GDPR / Schrems II Technology: Can Data Protection Compliance Cost Centers be Turned Into Lawful Data Use Profit Centers?

GDPR / Schrems II Technology: Can Data Protection Compliance Cost Centers be Turned Into Lawful Data Use Profit Centers?

Five data and privacy experts have urged businesses to anticipate upcoming trends in U.S. data privacy laws if they want to effectively future-proof their organisations. In response to the latest developments around the Schrems II ruling and evolving regulatory challenges for international businesses, spokespeople from leading firms in the sector have discussed an array of key trends including the potential for data protection compliance centers to become lawful data use profit centers by leveraging new technical controls required for Schrems II compliance.

Can GDPR / Schrems II Required Technology Turn Data Protection Compliance Cost Centers Into Lawful Data Use Profit Centers?

Can GDPR / Schrems II Required Technology Turn Data Protection Compliance Cost Centers Into Lawful Data Use Profit Centers?

A recent webinar hosted by leading regulatory intelligence firm, Vixio, raised intriguing questions about whether GDPR compliance requirements (as highlighted in the Schrems II case) for protecting data when in use lays the groundwork for complying with the different states privacy and consumer rights laws being adopted in the U.S. The webinar also introduced an interesting conversation around whether these controls can act as mechanisms for turning cost centers into lawful profit centers.

Ensure certainty of operations after Schrems II for international digital transformation

Ensure certainty of operations after Schrems II for international digital transformation

The European Commission (EC) recently published a draft data adequacy decision for the UK. Does this pave the way for the continued free flow of personal data between the EU to the UK? Unfortunately, no, says Gary LaFever, CEO and general counsel, Anonos.

Anonos releases guidance around the top 5 FAQs keeping businesses awake regarding Schrems II

Anonos releases guidance around the top 5 FAQs keeping businesses awake regarding Schrems II

Anonos, the leading provider of state-of-the-art data enablement and protection technology, today released guidance on the top 5 Frequently Asked Questions (FAQs) businesses are grappling with following the release of Schrems II preliminary guidance from the European Data Protection Board (EDPB).

Schrems II: Top 5 FAQs for Lawful Cloud Processing

Schrems II: Top 5 FAQs for Lawful Cloud Processing

The EDPB notes in their Schrems II preliminary guidance that “Transfer to cloud services providers or other processors which require access to data in the clear” (EDPB Use Case 5) is unlawful. However, the EDPB notes that “Transfer of Pseudonymised Data” (EDPB Use Case 2) is lawful.

Preparing for U.S. Data Privacy Laws - Future Proofing Your Business

Preparing for U.S. Data Privacy Laws - Future Proofing Your Business

At this point, let's turn to Gary. And Gary, please share with us your experience of helping companies comply with GDPR.

Schrems II: 4 Reasons SCCs Are Not Enough

Schrems II: 4 Reasons SCCs Are Not Enough

The following are highlights from the Life After Privacy Shield Webinar hosted by the California Lawyers Association.

Webinar Replay: Life After Schrems II

Webinar Replay: Life After Schrems II

89% of GCs, CPOs, and DPOs Rate Potential Schrems II Consequences a “Catastrophic” or “Serious” Threat to Operations

89% of GCs, CPOs, and DPOs Rate Potential Schrems II Consequences a “Catastrophic” or “Serious” Threat to Operations

A recent webinar held by Anonos, a leading provider of GDPR-Pseudonymisation software, revealed that GCs, CPOs, and DPOs perceive a high-risk level from the Schrems II judgement. 89% of the webinar participants described the potential of terminated data processing under Schrems II as either “catastrophic” or “serious” for their business. Moving away from fines-based consequences, the risk of termination of data flows under Schrems II would mean severe disruptions for companies found to be non-compliant.

Schrems II: DPAs in Germany Begin Compliance Checks – Other Jurisdictions Soon to Follow

Schrems II: DPAs in Germany Begin Compliance Checks – Other Jurisdictions Soon to Follow

Schrems II enforcement is getting off the ground in Germany, highlighting the serious and urgent need for companies to begin steps towards compliance

WSJ Reports European-U.S. Data Agreement Will Not Occur for Years

WSJ Reports European-U.S. Data Agreement Will Not Occur for Years

On 9th March 2021, the Wall Street Journal reported in “Surveillance Concerns Could Hold Up European-U.S. Data Agreement for Years” that EU Justice Commissioner Didier Reynders warned that “negotiations with the U.S. over a new data-transfer agreement could take years rather than months, making it difficult for companies to continue cross-border business without violating privacy rules”.

Anonos Releases Risk Assessment Framework For Briefing Boards of Directors on Schrems II Risk Mitigation

Anonos Releases Risk Assessment Framework For Briefing Boards of Directors on Schrems II Risk Mitigation

Anonos, an industry-leading provider of GDPR-compliant Pseudonymisation technology, has released a Board Risk Assessment Framework to help companies develop Schrems II risks and mitigation strategies. This two-page document highlights the two main risks arising from non-compliance with Schrems II, including the risk of Board/Executive Director personal and criminal exposure and catastrophic disruptions to business operations.

Anonos launches quickfire ‘quiz’ to help businesses determine if they are compliant with Schrems II requirements

Anonos launches quickfire ‘quiz’ to help businesses determine if they are compliant with Schrems II requirements

Anonos, a leading provider of state-of-the-art data enablement and protection technology, has announced the launch of an online quickfire ‘quiz’. This quiz is aimed at helping organisations to determine whether they are compliant with Schrems II requirements.

With proposed privacy tech law comes validation of an industry

With proposed privacy tech law comes validation of an industry

Recent years have been kind to privacy-enhancing technologies. And that might just be the beginning.

'Schrems II': How to protect against liability when using non-EEA vendors

'Schrems II': How to protect against liability when using non-EEA vendors

In a recent "Schrems II" webinar, a vast majority of participants expressed concern about the risks associated with cloud-based processing of cleartext EU data and remote access to EU data for business purposes.

Webinar:Briefing the C-Suite & Board of Directors on Schrems II Risk Exposure

Webinar:Briefing the C-Suite & Board of Directors on Schrems II Risk Exposure

Welcome everyone to this webinar, Briefing the C-Suite & Board of Directors on Schrems II Risk Exposure. We've had a surprising amount of interest in this webinar. You are joined with over 1000 of your colleagues,over 25% of which are new to Anonos webinars.

Schrems II: DPAs in Germany Begin Compliance Checks - Other Jurisdictions Soon to Follow

Schrems II: DPAs in Germany Begin Compliance Checks - Other Jurisdictions Soon to Follow

Schrems II enforcement is getting off the ground in Germany, highlighting the serious and urgent need for companies to begin steps towards compliance. A discussion between German Data Protection Authorities (DPAs) at their joint Datenschutzkonferenz (DSK) meeting highlighted the next steps of a Schrems II Task Force: DPAs, led by Hamburg and Berlin, will begin initiating enforcement measures.

Do you understand what Schrems II means for your business?

Do you understand what Schrems II means for your business?

Since the Schrems II case ruling, there has been a concerning lack of understanding across the board among C-level executives who have misconceptions about the penalties of non-compliance, and what is required of their organisation to move forward without breaching data protection regulations.

Schrems II: Action Required for Lawful Public Cloud Processing

Schrems II: Action Required for Lawful Public Cloud Processing

Issues surrounding Schrems II compliance can be complex and daunting. The CJEU court ruling was rendered 6 months ago and there is no grace period for compliance. As a result, prompt assessment and, in some cases, action are advised to support the business priorities and goals of your organisation.

U.S. Says New SCC Proposal Bad News For AML

U.S. Says New SCC Proposal Bad News For AML

The U.S. government has said that the European Commission’s standard contractual clause (SCC) proposal could have “a chilling effect” on the regulatory oversight of financial institutions, but experts are less convinced.

Schrems II: How to Protect Against Liability When Using Non-EEA / Equivalency Country Vendors

Schrems II: How to Protect Against Liability When Using Non-EEA / Equivalency Country Vendors

98% of the participants in an Anonos Schrems II webinar held on 13 January, involving 2000+ executives representing 1700+ companies from 50+ countries, expressed concern about the risks associated with cloud-based processing of cleartext EU data and remote access to EU data for business purposes.

European Data Protection Board Highlights Ways to Comply

European Data Protection Board Highlights Ways to Comply

The Schrems II ruling by the Court of Justice of the European Union (CJEU) is now well-known, in particular its role in upending cross-border data transfers for many companies, including big organizations such as Microsoft and Apple.

Workshop Replay Schrems II: Implementation Roadmap & Legal Benefits

Workshop Replay
Schrems II: Implementation Roadmap & Legal Benefits

This is a replay of The Schrems II Implementation Roadmap & Legal Benefits Workshop. Over 2000 GCs, CPOs, DPOs and Outside Legal Counsel participated from 1700+ companies across 50+ countries. We hope you find the replay beneficial.

ICO Alerts UK Companies That Supplementary Measures Are Recommended for Uninterrupted Data Flows with EU-EEA Customers

ICO Alerts UK Companies That Supplementary Measures Are Recommended for Uninterrupted Data Flows with EU-EEA Customers

28 December 2020 - The ICO today issued a statement that:
"As a sensible precaution, before and during this period, the ICO recommends that businesses work with EU and EEA organisations who transfer personal data to them, to put in place alternative transfer mechanisms, to safeguard against any interruption to the free flow of EU to UK personal data."

EU-UK Trade and Cooperation Agreement Does Not Address Adequacy Decision So the CJEU Shrems II Ruling Applies to the UK

EU-UK Trade and Cooperation Agreement Does Not Address Adequacy Decision So the CJEU Shrems II Ruling Applies to the UK

The Brexit deal does not include any adequacy decision on data protection for the UK, so the principles embodied in the CJEU Schrems II (C-311/18) and subsequent CJEU rulings apply to the UK.

Schrems II Solutions: Cloud Promises Alone Are Not Enough

Schrems II Solutions: Cloud Promises Alone Are Not Enough

The Schrems II [1] ruling has brought on a new wave of discussion, confusion, and heightened urgency with regard to cross-border data transfers, particularly cloud processing. Numerous organisations have tried to reassure their customers that they have everything under control and that nothing needs to change.

Highlights of EDPB Schrems II Guidance on Supplementary Measures

Highlights of EDPB Schrems II Guidance on Supplementary Measures

Five lawful use cases were identified by the European Data Protection Board (EDPB) in the recently-released Schrems II Guidance 01/2020.

EDPB issues guidance for safe data transfers post-Privacy Shield

EDPB issues guidance for safe data transfers post-Privacy Shield

The European Data Protection Board (EDPB) has issued guidance to help companies transfer data to the United States and other third countries safely after Europe’s top court in July ruled key methods used up until then were either invalid or unsafe.

Schrems II: Fictional Legalistic Approaches Are Not Enough

Schrems II: Fictional Legalistic Approaches Are Not Enough

Under the Schrems II ruling by the Court of Justice of the European Union (CJEU), data controllers and processors can no longer rely on the invalidated Privacy Shield Transatlantic data transfer treaty.

Schrems II: 90% of Organisations Are Searching For A New Defensible Business Position For Lawful Cloud Processing

Schrems II: 90% of Organisations Are Searching For A New Defensible Business Position For Lawful Cloud Processing

Over 1800 executives, general counsels, and privacy professionals from 59 countries and over 1700 different organisations signed up to participate in a panel presented by Anonos last week on 29 October, 2020.

Schrems II Lawful Cloud Processing Webinar Summary

Schrems II Lawful Cloud Processing
Webinar Summary

Thank you for engaging in our Schrems II lawful processing webinars over the last 4 weeks. The turnout for the webinars was great, with a community of over 3400 general counsels, outside legal counsels, and senior data protection officers from over 60 countries.

Schrems II Cloud Webinar

Schrems II Cloud Webinar

Schrems II Lawful Cloud Processing and SCCs

Anonos: Over 1,600 GCs, CPOs and DPOs To Discuss Lawful Cloud Processing Under Schrems II

Anonos: Over 1,600 GCs, CPOs and DPOs To Discuss Lawful Cloud Processing Under Schrems II

The July 2020 Schrems II decision by the Court of Justice of the European Union invalidating the Privacy Shield for lawful data transfer continues to be a hot topic, with many privacy professionals and organisations uncertain about how to proceed.

5 Stages of Additional Safeguards Under Schrems II

5 Stages of Additional Safeguards Under Schrems II

The following “5 Stages of Additional Safeguards Under Schrems II” were derived from the top questions and comments submitted by over 4,000 participants in recent Schrems II webinars including General Counsels, Chief Privacy Officers and Data Protection Officers from leading global data-driven companies.

Webinar FAQ 7: Is GDPR-Grade Anonymisation Technically Possible?

Webinar FAQ 7: Is GDPR-Grade Anonymisation Technically Possible?

Anonymisation is a high-risk, short-term strategy. It is no silver bullet. It is difficult if not impossible to achieve in the age of big data, machine learning, and quickly interconnect data sources.

Webinar FAQ 6: Data Pseudonymisation 101 Overview

Webinar FAQ 6: Data Pseudonymisation 101 Overview

The GDPR expressly awards certain benefits to the use of GDPR-compliant Pseudonymisation

Data Privacy: Synthetic Data vs GDPR-Compliant Pseudonymisation

Data Privacy: Synthetic Data vs GDPR-Compliant Pseudonymisation

Using Pseudonymisation allows no data utility to be lost during processing, which can help to ensure that models are trained on representative data. This also allows the processing of more data, which can reduce overfit and underfit issues, and can ensure that results are more reliable.

Webinar FAQ 5: Explain how the GDPR heightened standard for Pseudonymisation is not the same as the casual understanding of the technique.

Webinar FAQ 5: Explain how the GDPR heightened standard for Pseudonymisation is not the same as the "casual" understanding of the technique.

The GDPR definition of Pseudonymisation is very different from the pre-GDPR "casual" understanding of the term – you must now satisfy dramatically heightened requirements.

Webinar FAQ 4: Can I rely on statements by US and other non-EEA/Equivalency Country cloud providers that their Standard Contractual Clauses (SCCs) enable lawful data transfer under Schrems II?

Webinar FAQ 4: Can I rely on statements by US and other non-EEA/Equivalency Country cloud providers that their Standard Contractual Clauses (SCCs) enable lawful data transfer under Schrems II?

No. Data controllers have an affirmative obligation to ensure that SCCs are augmented with “supplementary measures” that ensure protection equivalent to EU data protection laws. This obligation remains the sole obligation of a data controller under Schrems II unless it is expressly assumed by a cloud provider, in which case it becomes a shared responsibility of the parties.

What is Data Protection by Design and by Default?

What is Data Protection by Design and by Default?

Webinar FAQ 3: Do Additional Safeguards enable Schrems II Compliant EU employee data processing?

Webinar FAQ 3: Do Additional Safeguards enable Schrems II Compliant EU employee data processing?

Yes. If you are already practicing Data Protection by Design and By Default, most employee-related processing involving EU personal data can continue using additional safeguards like GDPR-heightened Pseudonymisation.

Webinar FAQ 2: Do Boards of Directors and stockholders need to be made aware of Schrems II? What about Financial auditors and vertical industry regulators?

Webinar FAQ 2: Do Boards of Directors and stockholders need to be made aware of Schrems II? What about Financial auditors and vertical industry regulators?

Due to potential material adverse impacts of Schrems II noncompliance, consult with legal counsel regarding your obligation to disclose facts to internal and external stakeholders to avoid potential liability.

Webinar FAQ 1: Are BCRs similarly affected by Schrems II like SCCs?

Webinar FAQ 1: Are BCRs similarly affected by Schrems II like SCCs?

Under Schrems II, both BCRs & SCCs require additional safeguards to ensure that foreign laws do not impinge on the EU level of protection they guarantee.

Summary & FAQ from Webinar - Schrems II

Summary & FAQ from Webinar - Schrems II

Part I below are the top 25 Frequently Asked Questions (FAQS) from the 900+ questions submitted by the audience before and during the webinar, answers to be published in the Schrems II - Lawful Data Transfer LinkedIn group.

Schrems II Lawful Data Transfer Webinar Replay & Transcript

Schrems II Lawful Data Transfer
Webinar Replay & Transcript

Discussion on how Additional Safeguards enable lawful data transfers using SCCs & BCRs.

Magali Feys Post Webinar Recap

Magali Feys Post Webinar Recap

I want to thank you for participating in the webinar. I believe we had really engaging conversations with the panelists and viewing all of your questions, which are over 900 questions.

Magali Feys on her PhD Paper

Magali Feys on her PhD Paper

Hello, everybody, after the seminar, I got a lot of questions on the topic of my PhD, which goes about the secondary purchasing or processing of medical data.

How to Lawfully Comply with Schrems II for International Data Transfer

How to Lawfully Comply with Schrems II for International Data Transfer

German state DPA guidance on protected usable data post-'Schrems II'

German state DPA guidance on protected usable data post-'Schrems II'

Recent guidance by Germany’s Baden-Württemberg Commissioner for Data Protection and Freedom of Information instructs EU entities they cannot lawfully transfer data to cloud, software-as-a-service or other technology providers not organized under the laws of the EU, European Economic Area or an equivalent protection country, rendering off-limits providers from the U.S. and U.K.

2 min summary on IAPP Schrems II Article: A solution to enable ongoing lawful transfer of data

2 min summary on IAPP Schrems II Article:
A solution to enable ongoing lawful transfer of data

My name is Gary LaFever and I'm the CEO & General Counsel at Anonos. I'm here to briefly summarize an article that was published by the IAPP regarding the German DPA guidance on how you can in fact have lawful data transfers after Schrems II.

Schrems II - Data Embassy for Cloud

Schrems II - Data Embassy for Cloud

On 16 July 2020, the highest court in the EU, the Court of Justice of the European Union (CJEU), issued a final, unappealable ruling known as “Schrems II” which invalidated the EU-US Privacy Shield for international data transfers.

Must Data Minimisation Mean Data Deletion?

Must Data Minimisation Mean Data Deletion?

Data minimisation is a fundamental principle set out in the General Data Protection Regulation (GDPR) as well as in many other privacy laws around the world.

Benefits of Pseudonymisation Under the GDPR

Benefits of Pseudonymisation Under the GDPR

Anonymisation under the GDPR requires irrevocably severing all links between data and the data subject. In contrast, Pseudonymisation (as newly defined under GDPR Article 4(5)) means maintaining those links (suitably accessible by encrypted keys and the like) in the hands of authorized parties only and requiring access to secured keys to see the underlying data or to reveal linkages to underlying data.

Does GDPR-defined Pseudonymisation Overcome the Shortcomings of Anonymisation and Encryption in Response to the Schrems II / Privacy Shield Decision?

Does GDPR-defined Pseudonymisation Overcome the Shortcomings of Anonymisation and Encryption in Response to the Schrems II / Privacy Shield Decision?

I start and end this article with the same question - Does GDPR-defined Pseudonymisation Overcome the Shortcomings of Anonymisation and Encryption in Response to the Schrems II / Privacy Shield Decision?

To Comply with Schrems II / Privacy Shield You Don’t Need to Move Out of the Cloud

To Comply with Schrems II / Privacy Shield You Don’t Need to Move Out of the Cloud

With the announcement that TikTok will be opening up a data centre in Ireland at the cost of $500 million USD, it is easy to wonder which large technology vendors and cloud providers will follow suit.

Defending the ethical and legal use of data for secondary processing

Defending the ethical and legal use of data for secondary processing

In a post COVID-19 world, organisations will become more reliant than ever on solidifying relationships with their existing customer base and improving partnerships via commercial data exchange.

The IDC report - Anonos: Embedding Privacy and Trust into Data Analytics through Pseudonymisation highlights the capability of Anonos patented Variant Twins to deliver

Memorandum to EDPB

Memorandum to EDPB

The European Data Protection Board (“EDPB”), in their Frequently Asked Questions on the Judgment of the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, stated that:

The pursuit of happiness How Big Data use enables big benefits

The pursuit of happiness
How Big Data use enables big benefits

DATA-DRIVEN decision-making is a major part of economic and societal development.

Variant Twins Enable Lawful International Data Transfer and Secondary Processing

Variant Twins Enable Lawful International Data Transfer and Secondary Processing

Is your organisation - like the rest of the world - trying to determine what Schrems II “supplementary measures” are and how you can continue to lawfully transfer and process data in the cloud?

Data Scientist Expert Opinion

Data Scientist Expert Opinion

For Machine Learning tasks, Anonos Variant Twins provide performance comparable to clear text data. Results are virtually identical on every measure – with Variant Twins providing obviously enhanced resistance to re-identification.

EDPB FAQS: No Grace Period for Schrems II Compliance

EDPB FAQS: No Grace Period for Schrems II Compliance

The European Data Protection Board (EDPB) issued FAQs on 23 July 2020 [1] that highlight, among other matters

Case Study: Raiffeisen Bank

Case Study: Raiffeisen Bank

My name is Manuel Schwarzinger. I am with the Raiffeisenlandesbank, and I am responsible for I.T. Digitalization Data Management.

After Schrems II: Contracts No Longer Enough For International Data Transfer

After Schrems II: Contracts No Longer Enough For International Data Transfer

Companies relying on the EU–U.S. Privacy Shield for data transfers should swiftly implement appropriate safeguards and mechanisms to avoid the risk of having data flows suspended, as the potential costs far exceed any possible, and possibly contemporaneous, fines.

How Anonos Works: Centralized Data Protection Controls for Decentralized Uses

How Anonos Works:
Centralized Data Protection Controls for Decentralized Uses

Organisations need speed to insight to compete in today’s uncertain business environment. This means that you must collect, use and share data in a more efficient, faster, and more focused way, with an entirely different approach than ever before.

Resolving the conflict between cybersecurity and privacy

Resolving the conflict between cybersecurity and privacy

Fireside Chat #1: Speed to Insight, Lawfully & Ethically

Fireside Chat #1:
Speed to Insight, Lawfully & Ethically

This is Doug Laney, Data & Analytics Strategy Principal at Caserta and author of the book “Infonomics: How to Monetize, Manage and Measure Information as an Asset.” I am here today with Gary LaFever, CEO and General Counsel at Anonos, to discuss the idea of gaining business “Speed to Insight, Lawfully and Ethically.”

Fireside Chat #2: Access to Data for Digital Insights

Fireside Chat #2:
Access to Data for Digital Insights

This is Doug Laney, Data & Analytics Strategy Principal at Caserta and author of the book “Infonomics: How to Monetize, Manage and Measure Information as an Asset.” ” I am here today with Gary LaFever, CEO and General Counsel at Anonos, to discuss why companies need “Access to Data for Digital Insights.”

Fireside Chat #3: Automated Processing for Frictionless Digital Insights

Fireside Chat #3:
Automated Processing for Frictionless Digital Insights

This is Doug Laney, Data & Analytics Strategy Principal at Caserta and author of the book “Infonomics: How to Monetize, Manage and Measure Information as an Asset.” I am here today with Gary LaFever, CEO and General Counsel at Anonos, to discuss the benefits of “Automated Processing for Frictionless Insights.”

Fireside Chat #4: Defending the Lawfulness & Ethics of Desired Processing

Fireside Chat #4:
Defending the Lawfulness & Ethics of Desired Processing

This is Doug Laney, Data & Analytics Strategy Principal at Caserta and author of the book “Infonomics: How to Monetize, Manage and Measure Information as an Asset.” I am here today with Gary LaFever, CEO and General Counsel at Anonos, to discuss an approach to “Defending the Lawfulness and Ethics of Desired Processing.”

Data Privacy vs Utility Fallacy: The COVID-19 Tracing App Problem

Data Privacy vs Utility Fallacy: The COVID-19 Tracing App Problem

Among the many serious challenges the COVID-19 pandemic has presented businesses and individuals alike with, a long talked about and complex discussion has also arisen once again: what is worth giving up personal privacy for?

The IAB Europe Guide to Cookies: Privacy Promises Should Do More Than Crumble

The IAB Europe Guide to Cookies: Privacy Promises Should Do More Than Crumble

The IAB Europe recently published a guide called ‘Guide to the Post Third-Party Cookie’ Era' in an effort to help the AdTech industry begin to find a way forward through this complicated path.

Data Use vs Privacy: A False Trade-Off?

Data Use vs Privacy: A False Trade-Off?

The concerns surfacing ahead of proposed COVID-19 tracing apps show that privacy isn’t dead: far from it.

Saving Direct Marketing in the Post-Pandemic Economic Recovery

Saving Direct Marketing in the Post-Pandemic Economic Recovery

Welcome to the IAPP web conference “Saving Direct Marketing in the Post-Pandemic Economic Recovery” brought to you today by Anonos.

Satisfying the Hunger for Data

Satisfying the Hunger for Data

There are two main ways that businesses are currently tackling the GDPR and other data privacy and protection laws: either they are not sure how to comply and continue to process data, hiding among many other non-compliant organisations and industries.

Legitimate Interest Microsegmentation-Based Direct Marketing

Legitimate Interest Microsegmentation-Based Direct Marketing

Welcome everyone! We appreciate you taking the time particularly in these uncertain times to join us today for a very insightful and timely message - Legitimate Interest Microsegmentation-Based Direct Marketing.

ENISA Guideline Comparison

ENISA Guideline Comparison

GDPR Pseudonymisation: State-of-the-Art Technical & Organisational Controls to Achieve Functional Separation

Ensuring a Privacy-Respectful Future for Direct Marketing and AdTech

Ensuring a Privacy-Respectful Future for Direct Marketing and AdTech

As many countries around the world enforce “stay at home” orders and lockdown decrees due to the coronavirus (COVID-19) pandemic, our attention is rightly focused on the health and safety of citizens, medical care providers and other essential personnel.

The real solution to the ICO’s Direct Marketing Code

The real solution to the ICO’s Direct Marketing Code

Since the introduction of GDPR, many firms have begun to fear the knock-on effects of tighter privacy controls on customer data.

Bring Back Ads? The Critical Role that Direct Marketing and AdTech Can Play in Economic Recovery

Bring Back Ads? The Critical Role that Direct Marketing and AdTech Can Play in Economic Recovery

As many countries around the globe turn to mandatory “stay at home” orders and lockdown decrees, our deepest concerns rightfully center around the health and safety of citizens, medical care providers and other essential personnel who keep the wheels of society turning.

Privacy and Data innovation Professionals Discuss Future of Personal Marketing

Privacy and Data innovation Professionals Discuss Future of Personal Marketing

Over 700 senior privacy and data innovation professionals from around the world recently joined a webinar hosted by the Data Protection World Forum, discussing Pseudonymisation-enabled Legitimate Interests processing with a focus on new legal requirements for direct marketing under GDPR.

CDOs at loggerheads with legal teams over data use

CDOs at loggerheads with legal teams over data use

Data professionals working in financial services firms are being prevented by their legal teams from repurposing customer data for secondary use, with the two departments seemingly at loggerheads, according to new research.

Legitimate Interest Processing Webinar

Legitimate Interest Processing Webinar

Thank you, everyone, for joining us today! We're very appreciative of the assistance of the Data Protection World Forum and my co-hosts today.

Part II: Industry Compliance and “Speeding” in the AdTech Industry

Part II: Industry Compliance and “Speeding” in the AdTech Industry

As discussed in Part I of our article on compliance issues with the GDPR, many organisations are driving just above the speed limit in terms of data processing, hoping that because everyone else is doing it, they won’t get caught.

Financial services organisations struggling to utilise customer data

Financial services organisations struggling to utilise customer data

A disconnect exists between the goals of Chief Data Officers (CDOs) within financial services organisations and their legal departments when it comes to repurposing data for secondary use, according to new research released today.

Financial services organisations struggling to utilise customer data

Financial services organisations struggling to utilise customer data

A disconnect exists between the goals of Chief Data Officers (CDOs) within financial services organisations and their legal departments when it comes to repurposing data for secondary use, according to new research released today.

Why compliance doesn’t have to stifle innovation

Why compliance doesn’t have to stifle innovation

The EU General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) are two notable examples of the legislation that have now been implemented to regulate the access to, and use of, personal data. In the case of the GDPR specifically, there are mandatory requirements for Data Protection by Design and by Default.

Part I: Speeding Cars: How to Stop Driving Above the GDPR Speed Limit

Part I: Speeding Cars: How to Stop Driving Above the GDPR Speed Limit

With the introduction of the GDPR, the rules of the data privacy road suddenly and significantly changed. Almost overnight, organisations had to consciously think about their proposed collection and use of data, how it could affect their customers, and whether it was lawful and ethical.

Magali Feys, Chief Strategist - Ethical Data Use at Anonos speaks at PrivSec London on Ethical Data Use

Magali Feys, Chief Strategist - Ethical Data Use at Anonos speaks at PrivSec London on Ethical Data Use

I'm Maggie Feys. I am Chief Strategist Ethical Data Use with Anonos. And I also have a private practice as a tech lawyer. I specialized in IP, IT, and data protection.

IAPP Pseudonymisation Webinar

IAPP Pseudonymisation Webinar

Welcome to the IAPP Web Conference. Can Pseudonymisation Save AdTech: Pseudonymisation and the 5th Cookie Initiative, brought to you today by Anonos. My name is Dave Cohen. I'm the IAPP’s knowledge manager and I'll be your host for today's program.

Variant Twin Storyboard

Variant Twin Storyboard

When organisations want to use data but cannot because of ethical, legal, risk, or compliance concerns, it results in a non-productive “tug of war.

BigPrivacy in 3 Minutes State of the Are in Data Protection by Design & by Default

BigPrivacy in 3 Minutes
State of the Are in Data Protection by Design & by Default

Introducing the new State-of-The-Art in Data Protection by Design and by Default, Anonos BigPrivacy Variant Twins. Until now, companies had to choose between either data protection or data utility, with a ladder frequently winning at the expense of the former.

This new working group looks to tackle adtech, RTB issues

This new working group looks to tackle adtech, RTB issues

The U.K. Information Commissioner's Office put the advertising technology industry on notice last summer. The message was simple: The entire industry has been operating illegally. Organizations were not properly gathering consent to serve targeted ads, and the agency cited a lack of transparency in how data is processed and sold in real-time bidding scenarios.

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

GDPR Recommended Technology Safeguards Enable Democratized Digital Marketing

‘Can Pseudonymisation Save Adtech?’

‘Can Pseudonymisation Save Adtech?’

Data-driven commerce opens up opportunities for businesses but also raises privacy concerns. Consent alone no longer works in many situations.

Keynote speech on Pseudonymisation at PrivSec London 2020

Keynote speech on Pseudonymisation at PrivSec London 2020

Thank you so much. Today, I want to talk to you about Pseudonymisation and why it is really unique under GDPR and I definitely want to stress the point because whenever, as a lawyer, I implemented GDPR within the companies.

Anonos to deliver keynote speech on Pseudonymisation at PrivSec London 2020

Anonos to deliver keynote speech on Pseudonymisation at PrivSec London 2020

New '5th Cookie' industry-group plans also set to be announced

Triumvirate proposes new solution to adtech issue

Triumvirate proposes new solution to adtech issue

Three organisations have joined forces to set up a working group in an effort to tackle one of the biggest conundrums of the adtech world; how to ensure GDPR compliance when using real-time bidding systems.

Acxiom backs GDPR solution to adtech’s data crisis

Acxiom backs GDPR solution to adtech’s data crisis

Data giant Acxiom has thrown its hat in the ring to try to find a solution to the adtech realtime bidding (RTB) headache by joining forces with two organisations to draw up plans to use GDPR safeguards to protect consumers from “the mass unlawful use” of their personal data.

AdTech Community Proposes GDPR-Grounded Model

AdTech Community Proposes GDPR-Grounded Model

Anonos, the leading data privacy, and enablement technology provider, Acxiom®, the data, and technology foundation for the world’s best marketers; and the Information Accountability Foundation (IAF), the preeminent global information policy think tank, announced the formation of a ‘5th Cookie’ working group that supports exploration of using GDPR recommended technical and organizational safeguards to enforce greater accountability and ethics across the AdTech real-time bidding (RTB) ecosystem.

Pseudonymisation Under the GDPR

Pseudonymisation Under the GDPR

Pseudonymised data remains within the scope of the EU General Data Protection Regulation (GDPR) as personal data, however, it provides substantial benefits as the state of the art in Data Protection by Design and by Default.

Legitimate Interests Processing Under the GDPR

Legitimate Interests Processing Under the GDPR

There are six legal bases available for lawful processing of personal data under the GDPR for primary uses (for example, taking payment for a product online) and secondary uses (repurposing) of data (for example, subsequently sending a personalised newsletter to customers based on profiling for marketing purposes).

Anonymisation Under the GDPR

Anonymisation Under the GDPR

The EU General Data Protection Regulation (GDPR) establishes a very high bar for what constitutes anonymous data, thereby exempting the data from the requirements of the GDPR

Adtech industry looks to GDPR to solve thorny issue of real-time bidding

Adtech industry looks to GDPR to solve thorny issue of real-time bidding

The adtech industry is one of the most important industries in the online world, underpinning the adverts that enable many sites to make money, but it has a serious problem: one of its central technologies is not fully compliant with GDPR.

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

GDPR Recommended Technology Safeguards Enable Democratized Digital Marketing

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

GDPR Recommended Technology Safeguards Enable Democratized Digital Marketing

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

Cross-Industry Group Proposes GDPR-Grounded Model for Compliant AdTech

GDPR Recommended Technology Safeguards Enable Democratized Digital Marketing

Pseudonymisation high on the agenda on day two of the International CPDP Data Protection and Artificial Intelligence Conference

Pseudonymisation high on the agenda on day two of the International CPDP Data Protection and Artificial Intelligence Conference

Establishing controls for lawful secondary data processing when consent alone is not enough

IAPP Legitimate Interest Webinar

IAPP Legitimate Interest Webinar

Technical & Organizational Controls for Lawful AI & Secondary Processing When Consent is Not Enough CPDP Brussels

Technical & Organizational Controls for Lawful AI & Secondary Processing When Consent is Not Enough
CPDP Brussels

The unpredictable and sometimes unimaginable use of data in AI and other secondary (further) processing is a feature, not a bug.

Anonos CEO to speak at the 13th International CPDP Data Protection and Artificial Intelligence Conference in Brussels

Anonos CEO to speak at the 13th International CPDP Data Protection and Artificial Intelligence Conference in Brussels

Panel to focus on overcoming the limitations of consent when establishing controls for lawful AI and secondary processing

Visa's acquisition of Plaid throws up data reuse concerns

Visa's acquisition of Plaid throws up data reuse concerns

What happens when a service you shared your personal data with is acquired by a giant corporation?

IAPP Webinar: What to Do When Concept Doesn’t Work? How De-Identification Requirements under CCPA and HIPAA Differ

IAPP Webinar: What to Do When Concept Doesn’t Work?
How De-Identification Requirements under CCPA and HIPAA Differ

Welcome to the IAPP Web Conference. What to Do When Consent Doesn't Work under CCPA: How De-Identification Requirements under CCPA and HIPAA Differ, brought you today by Anonos.

'What to Do When Consent Doesn’t Work under CCPA'

'What to Do When Consent Doesn’t Work under CCPA'

In addition to other benefits, the California Consumer Privacy Act enhances privacy for individuals when data uses cannot be adequately served using consent alone.

Web con: 'Legitimate-Interest Processing under the GDPR'

Web con: 'Legitimate-Interest Processing under the GDPR'

Organizations can reap the benefits of processing data via the legitimate-interest legal basis under the EU General Data Protection Regulation; however, for it to be done correctly, the proper technical and organizational safeguards must be in place. Join the IAPP Jan. 23 for this sponsored web conference to learn about the safeguards that need to be implemented to realize those benefits.

CCPA Comment Letter Clarification of CCPA De-Identification Requirements

CCPA Comment Letter
Clarification of CCPA De-Identification Requirements

This Comment Letter respectfully requests clarification of the requirements under the California Consumer Privacy Act (“CCPA” or “Act”) for CCPA compliant de-identification in order for companies to comply with their obligations under the Act.

Anonos Keynote Speech on What the Future Holds for Financial Data Innovation

Anonos Keynote Speech on What the Future Holds for Financial Data Innovation

Increase Lawful Data Value by Removing Roadblocks

Warsaw Presentation 2019

Warsaw Presentation 2019

Thank you very much. I appreciate this opportunity. My Polish is very bad. So, I will speak in English. Thank you for your indulgence. I'm very proud and happy to be here at the request of our partner, Hitachi.

Anonos Keynote Speech on Lawful Data Monetization in the GDPR Era

Anonos Keynote Speech on Lawful Data Monetization in the GDPR Era

CEO presents at the largest and most prestigious meeting of the IT environment in Poland with the Polish banking sector.

Data Privacy Firm Anonos to Emphasize Data Stewardship at International Privacy Event

Data Privacy Firm Anonos to Emphasize Data Stewardship at International Privacy Event

Pseudonymisation Expert Gary LaFever Keynotes GDPR Implementation Panel at Bitkom Privacy Conference

Taking Data Security from Analogue to Digital - EU regulators now encourage companies to adopt a new “digital” alternative – namely “pseudonymisation”

Taking Data Security from Analogue to Digital - EU regulators now encourage companies to adopt a new “digital” alternative – namely “pseudonymisation”

Despite seemingly endless headlines about data leaks, financial hacks, and nine-figure fines levied at major companies, countless industry professionals continue approaching the capture, storage, and processing of consumer information the same way they have for decades.

Encryption 101 and the trap of leaving data unprotected

Encryption 101 and the trap of leaving data unprotected

Before Chris Davis traveled to China for work some years ago, he was warned officials would take his electronics and make hard drive copies after he landed.

Between Utility and Privacy: the Data De-Identification Balance

Between Utility and Privacy: the Data De-Identification Balance

The inherent desire for organizations to be data driven is now coming up against calls to be respectful of user privacy. This conflict has led to the emergence of de-identification solutions that establish a balance between data usability and user privacy.

Anonymisation does not work for big data due to lack of protection for direct & indirect identifiers and easy re-identification vs pseudonymisation

Anonymisation does not work for big data due to lack of protection for direct & indirect identifiers and easy re-identification vs pseudonymisation

Recently, well-publicised research by data scientists at Imperial College in London and Université Catholique de Louvain in Belgium as well as a ruling by Judge Michal Agmon-Gonen of the Tel Aviv District Court have highlighted the shortcomings of outdated data protection techniques like “Anonymisation” in today’s big data world.

In Life Sciences Research, Informed Consent Is No Longer Enough

In Life Sciences Research, Informed Consent Is No Longer Enough

The recently issued European Data Protection Board Opinion 3/2019 stipulates that “informed consent” from clinical trial participants for life science research purposes typically does not satisfy requirements for consent as a legal basis for processing personal data under the EU General Data Protection Regulation.

Pseudonymisierung vs. Anonymisierung gemäß der DSGVO

Pseudonymisierung vs. Anonymisierung gemäß der DSGVO

Obwohl die DSGVO längst in Kraft getreten ist, gibt es weiterhin viel Klärungsbedarf. Ein Grund ist die mangelnde Wahrnehmung einiger grundlegender Konzepte der Datenschutzverordnung.

Introduction to Fair Trade Data - Balancing Innovation and Data Privacy

Introduction to Fair Trade Data - Balancing Innovation and Data Privacy

We would like to welcome everyone to the first webinar on Fair Trade Data, and I would like to start by introducing my co-host, Günther Leissler.

Anonos BigPrivacy Technology Enables Innovation By Leveraging GDPR Compliant Fair Trade Data

Anonos BigPrivacy Technology Enables Innovation By Leveraging GDPR Compliant Fair Trade Data

Gerry Rankin, Global Head of Privacy Risk Management at Anonos Presents Keynote on "Fair Trade Data for Innovation"

A 'fair-trade data' standard for AI

A 'fair-trade data' standard for AI

In recent months, policymakers have begun turning their attention to the potential hazards and perils that may come as we turn over an increasing amount of decision-making responsibility to artificial intelligence or “AI.”

Anonos SaveYourData Makes Pre-GDPR Data Legal and Compliant

Anonos SaveYourData Makes Pre-GDPR Data Legal and Compliant

Data Privacy leader offers the first and only software solution for companies to transform illegal pre-GDPR data while retaining full analytical, AI and machine learning potential

Achieving AI’s Full Potential With “Fair Trade Data”

Achieving AI’s Full Potential With “Fair Trade Data”

Regulating the future of data and AI means making rules for a world that we do not yet fully understand. While AI is still in its infancy, the time is now to put safeguards in place to ensure that individuals are protected while still fostering an environment that encourages innovation.

Anonos BigPrivacy To Highlight Role of Technology Vendors in Data Privacy Compliance

Anonos BigPrivacy To Highlight Role of Technology Vendors in Data Privacy Compliance

Anonos Co-Founder & Chief Executive Officer, Gary LaFever, will participate in a panel titled Vendors, Their Clients, and the International Privacy Regulatory Landscape at International Privacy & Security Forum at 4:00 p.m. ET on April 4, 2019 in Washington DC.

Avoid the Trust Deficit with AI

Avoid the Trust Deficit with AI

Focusing on data breaches, subject access requests (SARS), and consent is distracting and confusing when it comes to AI. What the industry needs is clarity on what is necessary to lawfully POSSESS and USE personal data for AI.

Does Encryption Enable GDPR Compliant Data Use?

Does Encryption Enable GDPR Compliant Data Use?

The IAPP published an article: Is encrypted data personal data under the GDPR? The article is a great summary of issues related to encryption as a means to protect data when not in use. The issues change, however, when a data controller wants to actually make use of the data.

What the Google 50 Million Euro GDPR Fine Means for Big Data Analytics

What the Google 50 Million Euro GDPR Fine Means for Big Data Analytics

Anonos BigPrivacy (www.anonos.com), announced today the following perspective on what the Google 50 Million Euro GDPR fine means for data insight driven companies.

What the Google 50 Million Euro GDPR Fine Means for Big Data Analytics.

What the Google 50 Million Euro GDPR Fine Means for Big Data Analytics.

The 50 Million Euro fine against Google demonstrates that the first wave of GDPR enforcement has begun.

This 2nd Edition of the Anonos BigPrivacy GDPR Blueprint provides updated information and examples of “Data Safe Havens” which are explicitly recognized combinations of GDPR legal & technical safeguards that maximise Big Data value by leveraging GDPR compliant pseudonymisation

Anonos Functional Separation, Blog and Video Highlights From Data Governance and Privacy Track at FIMA Europe: Europe's Leading Financial Data Management Event

Anonos Functional Separation, Blog and Video Highlights From Data Governance and Privacy Track at FIMA Europe: Europe's Leading Financial Data Management Event

Anonos (www.anonos.com), announced today a timely blog and six-minute video highlighting the critical need for "Functional Separation" to enable ongoing data innovation and value creation in compliance with GDPR and evolving data protection laws.

FIMA London - Summary Highlights from CDO Conference

FIMA London - Summary Highlights from CDO Conference

Functional separation is the answer to the issues raised during fima europe data governance & privacy track in london

Introduction to Functional Separation

Introduction to Functional Separation

I like to tell the story and it's very true. When people talk about European masters, we typically talk about artists. But if you want to know about data protection, the Europeans are the masters without question.

Anonos BigPrivacy Headlines Governance and Privacy Track at FIMA Europe: Europe's Leading Financial Data Management Event

Anonos BigPrivacy Headlines Governance and Privacy Track at FIMA Europe: Europe's Leading Financial Data Management Event

Anonos (www.anonos.com), announced today that Anonos Co-Founder & Chief Executive Officer, Gary LaFever, will be chairing the Governance and Privacy track at this year's FIMA Europe: Europe's Leading Financial Data Management Event with nearly 600 delegates from investment banks, asset management firms and central, retail and challenger banks.

SGS Partners with EuroPrivacy to Deliver the First Comprehensive Data Protection Certification for Demonstrating GDPR Compliance

SGS Partners with EuroPrivacy to Deliver the First Comprehensive Data Protection Certification for Demonstrating GDPR Compliance

Data protection has been at the forefront of corporate and regulatory discussions over the past several years. It reached a pivotal moment with the entry into force of the EU General Data Protection Regulation (GDPR) in May 2018.

Legal Compliant Analytics Under the GDPR

Legal Compliant Analytics Under the GDPR

The way your organisation has processed data for years – even for decades – may now create legal liability under the EU General Data Protection Regulation (GDPR).

Anonos Certified BigPrivacy Technology Transforms Data to Support Legal Big Data Analytics & AI Projects Under the GDPR

Anonos Certified BigPrivacy Technology Transforms Data to Support Legal Big Data Analytics & AI Projects Under the GDPR

Anonos (www.anonos.com), announced today that Anonos GM of the Americas, Adam Towvim, will keynote the Analytics presentation to over 300 Compliance, Data Governance and privacy professionals at the Global GDPR ConfEx.

Anonos BigPrivacy, the First GDPR Certified Technology, is Presenting at The European Big Data Forum About Maximising Legal and Compliant Big Data Value

Anonos BigPrivacy, the First GDPR Certified Technology, is Presenting at The European Big Data Forum About Maximising Legal and Compliant Big Data Value

Anonos (www.anonos.com), announced today that it is presenting at The European Big Data Value Forum ("EBDV") in Vienna Austria.

Anonos SaveYourData Software Officially Certified by EuroPrivacy Meets the Requirements of the EU General Data Protection Regulation (GDPR)

Anonos SaveYourData Software Officially Certified by EuroPrivacy Meets the Requirements of the EU General Data Protection Regulation (GDPR)

Anonos®, global leaders in data risk management, security and privacy, today announced that its SaveYourData® software has been evaluated and certified as complying with legal and technical requirements for pseudonymising data under the EU General Data Protection Regulation (GDPR).

My name is Gary LaFever and I will demonstrate how BigPrivacy technology enables lawful Big Data analytics.

Legality Of Health Analytics Under Global Data Protection Laws

Legality Of Health Analytics Under Global Data Protection Laws

Anonos, recently recognized by Gartner as a Cool Vendor for State of the Art Privacy Management technology, announced today that it is presenting at Health 2.0 – the leading showcase of cutting-edge innovation transforming the health care system.

Hitachi BigPrivacy GDPR Webinar July 2018

Hitachi BigPrivacy GDPR Webinar July 2018

Hello, today we are going to take a look at the top data privacy and sovereignty challenges that we keep seeing in the banks and insurance companies that we do business with. Does your firm face any of the following challenges?

Anonos BigPrivacy To Speak On GDPR Compliance Requirements And Illegal Analytics & Artificial Intelligence (AI) At Global Legal Conference

Anonos BigPrivacy To Speak On GDPR Compliance Requirements And Illegal Analytics & Artificial Intelligence (AI) At Global Legal Conference

Anonos, recently recognized by Gartner as a Cool Vendor for State of the Art Privacy Management Technology, announced today that it is presenting to over 300 Lawyers on GDPR Compliant Analytics & AI at the Global Legal ConfEx.

Anonos BigPrivacy Deploys Technology Allowing Companies to Legally Use and Share Data That Otherwise Is Illegal Under the GDPR

Anonos BigPrivacy Deploys Technology Allowing Companies to Legally Use and Share Data That Otherwise Is Illegal Under the GDPR

Named a Gartner Cool Vendor, Anonos Helps Analytics and Artificial Intelligence Companies Stay Legal

5G technologies will make it possible to interconnect with billions of devices and sensors globally, further fueling the growth of large scale dynamic decentralised/distributed data processing business models.

IAPP London Video Replay

IAPP London Video Replay

Just Because You're GDPR Compliant Does Not Mean You Can Use Your Data

Big Data Needs BigPrivacy: How to Legally Process, Use and Share Data Around the Globe to Avoid the Facebook Backlash

Big Data Needs BigPrivacy: How to Legally Process, Use and Share Data Around the Globe to Avoid the Facebook Backlash

The Facebook-Cambridge Analytica data scandal is a watershed moment that leaves many organizations wondering whether they can continue to collect, use and share personally identifying data for research/academic purposes and commercial/data analysis purposes.

5 Steps to Enable Compliant Analytics

5 Steps to Enable Compliant Analytics

Your company is not alone in its desire to engage in advanced analytics, data sharing, AI, and migration to the cloud. But, data uses are evolving faster than the capabilities of traditional privacy and security controls. You must technically enforce policy controls at the data element level or your company will be left alone when competitors are maximising compliant data use, sharing and migration to the cloud.

IDC Report on Anonos

IDC Report on Anonos

Anonos: Helping Businesses Become Data-Driven Without Compromising GDPR Compliance Obligations – IDC’s three key points in their report are as follows

Hitachi Breakfast Briefing On Compliant Data Analytics

Hitachi Breakfast Briefing On Compliant Data Analytics

Compliant Data Use and Sharing

I want to start by saying it truly is an honor to be here, and I want to highly recommend to everyone in the audience the papers and the research that Sophie and Alison have done on the need for dynamism for data protection. It is definitely worth looking at.

Three Game-Changing Impacts of the GDPR

Three Game-Changing Impacts of the GDPR

The GDPR is more than a law pertaining to EU residents – it is the breaking wave of a tsunami of transformational data processing restrictions evolving around the globe.

Health Privacy Summit

Health Privacy Summit

FPF DeID Summit

FPF DeID Summit

Hogan Lovells IP Innovation Summit

Hogan Lovells IP Innovation Summit

How To Continue Lawfully Using Historical Data Under The GDPR

How To Continue Lawfully Using Historical Data Under The GDPR

Starting next year, everything companies historically have done with the oceans of data they amass and process each day will become illegal, absent new technical controls.

Five Stages of GDPR Adjustment

Five Stages of GDPR Adjustment

This post includes new information responding to questions raised following publication of a prior version appearing in International Association of Privacy Professionals (IAPP) Privacy Perspectives.

Clock Ticks on EU Privacy Regulation

Clock Ticks on EU Privacy Regulation

For financial technologists who are looking for a distraction from MiFID II’s January 3, 2018, deadline, firms doing business with EU-based counterparties have less than 250 days to meet the EU’s General Data Privacy Regulation, which goes into effect on May 25, 2018.

The GDPR and Controlled Linkable Data

The GDPR and Controlled Linkable Data

Read the WhitePaper co-authored with ex-Microsoft Chief Privacy Counsel that has been downloaded by several thousand of your colleagues.

Don’t Lose Access to Data Analytics Under the GDPR

Don’t Lose Access to Data Analytics Under the GDPR

Read the summary / see the slides from this “Don’t Miss” webinar featuring the French CNIL - over 500 of your colleagues registered!

GDPR and the elevated role of compliance

GDPR and the elevated role of compliance

The EU’s General Data Protection Regulation is about to turn the compliance world on its head for all companies that collect or process personal data on EU citizens. Starting next year, everything companies historically have done with the oceans of data they amass and process each day will become illegal, absent new technical controls.

GDPR Requires Controlled Linkable Data to Comply With State of the Art and Proportionality Requirements

GDPR Requires Controlled Linkable Data to Comply With State of the Art and Proportionality Requirements

Without complying with new requirements under the General Data Protection Regulation (GDPR), organizations are prohibited from performing data processing activities that they have relied upon for many years – including personalization, customization, analytics, artificial intelligence, machine learning, and sharing data with third parties.

2 Alternatives to Consent for Big Data Analytics Under the GDPR

2 Alternatives to Consent for Big Data Analytics Under the GDPR

Under EU law, the right of “Protection of Personal Data” is an inalienable fundamental right that an individual cannot contract (or consent) away. Before the GDPR, having access to data was tantamount to having legal right to use the data.

3 GDPR Compliant Strategies to Maximize the Value of Big Data Analytics

3 GDPR Compliant Strategies to Maximize the Value of Big Data Analytics

The benefits of complying with new GDPR technical and organisational requirements extend beyond merely avoiding liability under EU law. The tremendous potential of big data analytics, artificial intelligence (AI) and machine learning require organisational and technical measures to enable data handling to support maximum lawful data value extraction on a global basis.

No, the GDPR Is Not Going to Slow Down the Digital Economy

No, the GDPR Is Not Going to Slow Down the Digital Economy

Back in 2014, WIRED magazine wrote that “data is the new oil of the digital economy.” And for the past three years, that has become a dominant refrain within the business world. In 2017, for example, The Economist wrote that “the world’s most valuable resource is no longer oil, but data.”

Why the GDPR Will Help – Not Hurt EU GDPR

Why the GDPR Will Help – Not Hurt EU GDPR

Understandably, corporations are becoming increasingly concerned about the impact of the European Union (EU) General Data Protection Regulation (GDPR), which is set to go into effect in May 2018.

The GDPR Locks Up Your Data. What’s the Solution?

The GDPR Locks Up Your Data. What’s the Solution?

Many companies aren’t yet aware that they are or will be doing anything wrong processing analytics or using historical data bases under the GDPR.

The GDPR Locks Up Your Data. What’s the Solution?

The GDPR Locks Up Your Data. What’s the Solution?

The General Data Protection Regulation (GDPR) is a transformative shift in privacy. In many respects, it signals a move away from a policy-based data governance approach to a technology-based approach that can enforce data protection policies for personal data.

The GDPR-Enabled Digital Economy Requires Controlled Linkable Data to Refine The New Oil

The GDPR-Enabled Digital Economy Requires Controlled Linkable Data to Refine "The New Oil"

A recent article in CPO Magazine entitled Challenges of Big Data Privacy for Today’s Innovative Enterprises notes that business analysts and venture capitalists refer to data as “the new oil” of the digital economy. The article concludes with the following paragraph:

GDPR Innovation Briefing

GDPR Innovation Briefing

Hi. Thank you for everyone. We appreciate you joining this GDPR Innovation Briefing. We have a very impressive host of panelists, and I know you're here to listen to them speak and answer questions that you have already proposed or will during the event. So we'll get started.

EU Privacy Rule Offers Silver Lining

EU Privacy Rule Offers Silver Lining

The EU’s General Data Privacy Regulation, which goes into effect in May 2018, may prove to be a greater boon than a bane for financial services firms globally. The regulation applies to organizations located in the EU as well as organization located outside of the EU that offer goods and services to or monitors the behavior of EU citizens.

Big Data in Healthcare and Life Sciences

Big Data in Healthcare and Life Sciences

BigPrivacy Technology Unlocks The Value of Health Big Data

IAPP Summit: BYOB (Bring Your Own Legal Basis)

IAPP Summit: BYOB (Bring Your Own Legal Basis)

Let me start off by why you can't do big data, which starts with “What is big data?” And so, big data when we use the term is iterative data analytics, artificial intelligence, and machine learning. By definition, it's asking that second, third, fourth, fifth, nth question that you don't know when you start off. That's the magic of big data. So, that is big data.

Anonos releases industry FAQs on GDPR

Anonos releases industry FAQs on GDPR

After releasing a recap of its recent IAPP web conference, Anonos has followed up with more information about the General Data Protection Regulation. Anonos CEO Gary LaFever, Hintze Law Partner and former Microsoft Chief Privacy Counsel and Assistant General Counsel Mike Hintze, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM, CIPT, FIP, and CNIL Director of Technology and Innovation Gwendal Le Grand answered the questions they could not address during the conference from the 600-plus privacy professionals who registered for the event.

GDPR Industry FAQs

GDPR Industry FAQs

Read Industry FAQs from the webinar featuring French CNIL and ex-Microsoft Chief Privacy Counsel - over 600 of your colleagues registered!

FAQs on GDPR Compliant Data Analytics Now Available

FAQs on GDPR Compliant Data Analytics Now Available

Industry GDPR FAQs on compliant big data analytics from the International Association of Privacy Professionals (IAPP) GDPR Big Data Analytics Webinar are now available.

On the five big data stages of adjustment to the GDPR

On the five big data stages of adjustment to the GDPR

With the EU General Data Protection Regulation just around the corner, companies managing risk and working with big data applications have much work to do to mitigate any compliance gaps.

The five big data stages of adjustment to the GDPR

The five big data stages of adjustment to the GDPR

On January 31, I took part in an IAPP-hosted webinar on managing risk and big data analytics under the EU General Data Protection Regulation alongside Gwendal Le Grand, the Director of Technology and Innovation at the CNIL, France's data protection authority, and Mike Hintze, former Microsoft chief privacy counsel and now partner at Hintze Law.

Anonos BigPrivacy Featured in Google Cloud Healthcare Solutions API Workshop

Anonos BigPrivacy Featured in Google Cloud Healthcare Solutions API Workshop

Anonos BigPrivacy is featured as part of the landmark workshop on how API technology can provide healthcare providers with the agility, innovation, and data interoperability required to meet new regulations and transform the patient and caregiver experience.

IAPP Web con recap: Maximizing big data while complying with the GDPR

IAPP Web con recap: Maximizing big data while complying with the GDPR

Anonos has released a recap of its recent IAPP web conference on ways companies can use big data while still complying with the General Data Protection Regulation.

Managing Risk and GDPR Compliant Data Analytics

Managing Risk and GDPR Compliant Data Analytics

A landmark webinar on managing risk and big data analytics under the EU General Data Privacy Regulation (GDPR), held in January in partnership with the International Association of Privacy Professionals (IAPP), is now available for replay, along with summary notes and the Q & A from the webinar.

Complying with the GDPR may not mean data value is diminished

Complying with the GDPR may not mean data value is diminished

Even though the General Data Protection Regulation will not be implemented until May 2018, businesses still have a lot to do before it comes into effect. A key question is whether it's possible for businesses to simultaneously comply with the regulation while ensuring they are maximizing the value of the data they have collected.

Maximizing data value while complying with GDPR may not be impossible

Maximizing data value while complying with GDPR may not be impossible

Even though the General Data Protection Regulation will not be implemented until May 2018, businesses still have a lot to do before it comes into effect.

Maximizing Data Utility Under GDPR

Maximizing Data Utility Under GDPR

Trying to solve a problem, determine the optimal course of action or make a critical decision in the absence of meaningful data not only is frustrating – it can yield undesirable outcomes. It’s like driving without a map or hiking without a compass, let alone precise GPS.

IAPP GDPR Data Analytics Webinar Replay

IAPP GDPR Data Analytics Webinar Replay

Welcome to the IAPP Web Conference on “How to Comply with the GDPR While Unlocking the Value of Big Data” brought to you today by Anonos. My name is Dave Cohen. I'm the IAPP’s Knowledge Manager, and I'll be your host for today's program.

Data Privacy Experts Reveal how to Comply with the EU General Data Protection Regulation (GDPR)

Data Privacy Experts Reveal how to Comply with the EU General Data Protection Regulation (GDPR)

Anonos Inc. (Anonos), in partnership with the International Association of Privacy Professionals (IAPP), announces a timely webinar on the impact of the EU General Data Privacy Regulation (GDPR) on global data analytics and artificial intelligence (AI).

Hintze, LaFever release white paper on the GDPR and data analytics

Hintze, LaFever release white paper on the GDPR and data analytics

Hintze Law's Mike Hintze, FIP, CIPM, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPT, and Anonos' Gary LaFever have released a white paper on balancing General Data Protection Regulation requirements with data analytic abilities.

On protecting health information with the blockchain

On protecting health information with the blockchain

The tech world is grappling with new reports that the so-called inventor of Bitcoin has finally been identified. An Australian national, Craig Wright told BBC News that he is the man previously known as Satoshi Nakamoto — an anonymous figure tech writers have been trying to identify for years.

Blockchain and big data privacy in healthcare

Blockchain and big data privacy in healthcare

As the volume of digital data proliferates in virtually every field, the potential value from analyzing it skyrockets—but so do associated privacy risks.

How Dynamic Data De-Identification Is a Bridge To the Future

How Dynamic Data De-Identification Is a Bridge To the Future

The idea that technology can actually help resolve international data privacy and security issues has been raised occasionally but has not been taken seriously.

Presentation at Dynamic Data Obscurity Workshop in Washington DC

Presentation at Dynamic Data Obscurity Workshop in Washington DC

This is not encryption. This is not Pseudonymisation. And yet, it's all of them. This is a different approach to both security and privacy. And so, I'm going to try to get you up to speed very quickly, but we will be here after the presentation during the launch.

What Anonymisation and the TSA Have in Common

What Anonymisation and the TSA Have in Common

What does the anonymization of data—the masking of private information by using a single, unchanging identifier to hide connections between data and data subject (also known as “static anonymity”)—have in common with the tiresome kabuki theater that the Transportation Security Administration (TSA) agency of the U.S. Department of Homeland Security requires us to go through at airport checkpoints?

Functional Separation

Functional Separation

Anonos Functional Separation is the state-of-art in “open-ocean” decentralized data enablement, privacy and security technology.

Pseudonymisation

Pseudonymisation

Pseudonymisation - as redefined in the GDPR - helps to achieve Functional Separation to

How GDPR Compliant Pseudonymisation Enables Functional Separation to Defeat the Mosaic Effect

What Constitutes Anonymous Data Under the GDPR? How is This Reinforced?

Legitimate Interests

Legitimate Interests

What is Required for Lawful Processing of Personal Data? What are the Legal Bases for Repurposing Data?

MicroSegmentation

MicroSegmentation

Please consider sharing this www.microsegmentation.com webpage with colleagues as we believe that answers to the four questions below, that Anonos asked in its comment letter submitted in response to the ICO's proposed draft Direct Marketing Code of Conduct, are critical for the benefit of society and industry.

ENISA Guidelines

ENISA Guidelines

GDPR Pseudonymisation: State-of-the-Art Technical & Organisational Controls to Achieve Functional Separation

ICO Comment Letters

ICO Comment Letters

IAF and Anonos Comment Letters on ICO Draft Code of Practice for Direct Marketing

Code of Conduct on the use of GDPR compliant Pseudonymisation

General Data Protection Regulation (GDPR)

Contact us to learn more:

By clicking submit, you agree to our

*Schrems II refers to the ruling by the Court of Justice of the European Union in Case C-311/18 - Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems, commonly referred to publicly as “Schrems II.” Use of "Schrems II" in no way indicates any relationship or affiliation with, or endorsement by, Max Schrems or by the Non-Governmental Organisation, None of Your Business (NOYB), or any parties directly or indirectly associated with Max Schrems or NOYB.