Overview
Transatlantic data flows have been the main pillar of digital commerce between the United States (US) and European Union (EU).
The EU–US Privacy Shield was a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Privacy Shield made it easier for US Companies to receive personal data from EU entities.
What is the Schrems II Ruling?
The Schrems II ruling invalidated the EU-US Privacy shield and other prior laws that are similar like Safe Harbor, and ruled that it did not adequately protect EU citizens’ data as per EU General Data Protection (GDPR) regulations when PII data flows between the European Union and United States. What this essentially means is that companies residing in the EU now need to take measures on their own to protect the confidential customer data and are no longer protected from liability.
The European Data Protection Board (EDPB), set up by the EU, provides these six recommendations to offset the Schrems II ruling and to secure privacy of global data flows to comply with GDPR.
Fortanix Data Security Manager delivers a cloud-scale pervasive data security platform that provides cryptographic services, secrets management, and tokenization across cloud and on-premises environments from a single centralized point of management, control, and audit. Organizations can create a control layer between the data controller and the data processors to help meet GDPR requirements around data audit, control, and erasure.
How Fortanix can help you meet Schrems compliance
Data Security as a Service (DSaaS) platform to protect sensitive data wherever its residing.
Once the data exporter knows where the sensitive data is residing, they are required to safeguard this data. Fortanix provides a Data Security as a Service (DSaaS) platform with integrated hardware security module (HSM), key management, encryption, shared secrets, and tokenization capabilities.
Fine-grained access controls for users, data and global logging.
Only the authorized processor is given access to the encryption keys of the sensitive data and only for a specified duration of the business case. All access to personal data is automatically logged in a centrally viewable tamper-proof global audit trail by Fortanix. There is never any dispute about who accessed which data and when.
Centralized key management and security policies across on-premises and multi-cloud.
Regulations, such as the GDPR have dramatically increased pressure on organizations to review and revamp their Enterprise Key Management strategy. Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across on-premises and multicloud environments. Applications and databases standardize on a single source of cryptographic services, and security teams get a single pane of glass for management.
Control and monitor access to data and encryption keys.
Fortanix provides organizations with the option to bring your own key (BYOK), bring your own key management service (BYOKMS) and bring your own encryption (BYOE), also known as hold your own key (HYOK). Fortanix allows businesses to retain control and management of encryption keys with centralized management, consistent access control policy and centralized audit logs. With BYOKMS and BYOE, customers can also store cloud keys externally to help meet the most stringent compliance requirements.
Vice President Analyst
Gartner