Anonos technology solves international cross-border legal challenges, enabling the highest data protection levels, accuracy, and utility on a global scale.10
Schrems II fundamentally changes how data-driven global business must be conducted to be lawful. Hundreds of companies attended Anonos’ Schrems II webinars, including regulators, industry experts, and leading nongovernmental organisations (NGOs). Numerous stakeholders asked Anonos to answer the following two questions:
The answer to both questions is yes.
- Can Anonos help me to legally process data using US-based cloud (and other) technology companies and still comply with Schrems II?
- Can Anonos technology help my organisation reduce risk exposure and ensure predictable business operations now that the UK is no longer part of the EU and is subject to the UK GDPR?11
Variant Twin technology enables Lawful Borderless Data for international cross-border transfers and processing using SCCs in compliance with Schrems II.
It’s important to remember that the remedy for violating Schrems II requirements is injunctive termination of processing
, rather than the assessment of penalties.13 This highlights the risk of immediate disruption to business operations that comes from non-compliance.
The imposition of injunctions shifts the burden of proof onto organisations to regain the right to process data and get the injunction removed. This is a significant change from the fines-based penalties resulting from GDPR violations levied in the past.
In addition, waiting to establish a defensible position for using US-based and other non-EEA cloud, SaaS, and outsourcing solutions (including UK providers) creates the risk of personal exposure for Board members and officers.14 Auditors are obligated to report non-compliance to authorities
, and are also becoming increasingly aware of Schrems II data protection audit requirements.15
Contracts, policies, and treaties do not provide the technical controls required for Schrems II compliance, and this issue is time-critical. Organisations should implement European Data Protection Board (EDPB) recommended technical controls to comply with Schrems II, such as GDPR-compliant Pseudonymisation.