The Schrems II decision will have a great impact on international commerce among companies doing business with the European Union (EU). The consequence of not paying attention to Schrems II could literally mean a partial or complete shut-down of data transfers between EU and non-EU countries, which could impact the bottom line of any global company. However, the level of the impact depends on the location of the company, the industry vertical it is part of, and the strategic privacy planning that company has done for sustaining compliance with General Data Protection Regulation (GDPR).
GDPR requires businesses to protect the personal data and privacy of European Union (EU) citizens, for any transactions that occur within EU member states. GDPR also regulates exportation of personal data outside the EU to some extent. But, there are gaps in its enforcement of transactions flowing outside the EU, which are addressed by the Schrems II ruling.
This white paper describes how multinational companies can adhere to the European Data Protect Board’s recommendations to address Schrems II ruling, using a trusted privacy framework provided by the industry leading data protection and trusted access management platforms from Thales.