Preventing Data Supply Chain Issues Under the U.S. CLOUD Act & EU Law

Top Six Takeaways from the Webinar

The use of the U.S. cloud as part of organizational data supply chains is critical, and needs to continue for both operational and business reasons.
Joint and several liability and the shared responsibility model apply to the use of the cloud, for cloud providers and cloud users. Increasing technical protections such as through the use of Statutory Pseudonymization can reduce the risk of breach and help organizations more easily obtain cybersecurity insurance.
Schrems II and other guidance does not intend to prohibit the use of the U.S cloud; instead, compliant use is the intention by leveraging technical controls.
Access controls and encryption only protect data in transit and in storage, but most data is still processed in cleartext, leaving it vulnerable to breach.
The U.S. cloud can be used in a compliant manner with appropriate technical and organizational controls.
Statutory Pseudonymization allows EU-US transfers and compliant processing, including compliant further processing in the cloud for AI, ML and analytics.
Key Highlights
of the audience said the sharing and processing of data with other legal entities and third parties is necessary for their organizations.
of the audience also indicated that the potential liability from data supply chain partners failing to protect data when in use is an issue for them.
Full Webinar Replay
Presentation Slides
Slide - 1/29
Preventing Data Supply Chain Issues Under the US CLOUD Act & EU Supply Chain Law
Yes, You Can Use the Cloud in Compliance with Data Protection Laws!
Is the sharing and processing of data with legal entities/third parties necessary for your organization?
Are you exposed to liability from failures of your data supply chain partners to protect your data when in use?
Data supply chain partners increasingly demand proof of technical measures like Statutory Pseudonymization that protect data when in use to reduce risk and exposure from improper data processing and breach
What has Changed?
Why Statutory Pseudonymization?
Cloud Processing Challenges
GDPR Requirements
International Data Transfers
US Cloud Act
Corporate Sustainability & Due Diligence Obligations
US Hyper-Scaler Promises Are Not Enough by Themselves
Shared Responsibility Model1
Security for Data in Use Through Dynamic Enforcement of Use-Case Specific Statutory Pseudonymization Controls
Statutory Pseudonymization
Something New Under the Sun
Specifications for Statutory Pseudonymization
GDPR Statutory Pseudonymization EDPB Use Case 2: Transfer of Pseudonymized Data
It is Possible to Protect When in Use in Untrusted Environments
Statutory Pseudonymization with Data Embassy®: No Trade-off Between Data Protection and Data Utility
Anonos Data Embassy dynamic de-identification, pseudonymization and anonymization systems, methods and devices are protected by an intellectual property portfolio
Real-time Polling Questions
Statutory pseudonymization
How to join the “Statutory Pseudonymization” LinkedIn Group
Questions & Answers
Attention IAPP Certified Privacy Professionals
For questions on this or other IAPP Web Conferences or recordings or to obtain a copy of the slide presentation please contact:
Contact us
to learn more
NOTICE: By clicking the “Submit Inquiry” button above to submit this form, you provide explicit consent for Anonos and subsidiaries of Anonos to process the information you provide, including your name and email address: (i) to deliver our response to you; (ii) to provide related information to you; and (iii) via transfer and processing occurring outside of the European Economic Area, including within the USA; all in accordance with the terms of Anonos’ privacy policy available at If you do not wish to submit your information to Anonos for the processing explicitly authorized above, you should not submit this form. You may also contact Anonos at with any questions.