Schrems II Ruling

Comprehensive Data Protection Platform for GDPR compliance post Schrems II

Overview

Transatlantic data flows have been the main pillar of digital commerce between the United States (US) and European Union (EU).

The United States has a $60 billion surplus in services with the European Union – much of it built on the $1.3 trillion of transatlantic data flows.
Transatlantic data flows account for more than half of Europe’s data flows and about half of US data flows globally.

The EU–US Privacy Shield was a framework for regulating transatlantic exchanges of personal data for commercial purposes between the European Union and the United States. Privacy Shield made it easier for US Companies to receive personal data from EU entities.

What is the Schrems II Ruling?

The Schrems II ruling invalidated the EU-US Privacy shield and other prior laws that are similar like Safe Harbor, and ruled that it did not adequately protect EU citizens’ data as per EU General Data Protection (GDPR) regulations when PII data flows between the European Union and United States. What this essentially means is that companies residing in the EU now need to take measures on their own to protect the confidential customer data and are no longer protected from liability.

The European Data Protection Board (EDPB), set up by the EU, provides these six recommendations to offset the Schrems II ruling and to secure privacy of global data flows to comply with GDPR.

Fortanix Data Security Manager delivers a cloud-scale pervasive data security platform that provides cryptographic services, secrets management, and tokenization across cloud and on-premises environments from a single centralized point of management, control, and audit. Organizations can create a control layer between the data controller and the data processors to help meet GDPR requirements around data audit, control, and erasure.

How Fortanix can help you meet Schrems compliance

Data Security as a Service (DSaaS) platform to protect sensitive data wherever its residing.

Once the data exporter knows where the sensitive data is residing, they are required to safeguard this data. Fortanix provides a Data Security as a Service (DSaaS) platform with integrated hardware security module (HSM), key management, encryption, shared secrets, and tokenization capabilities.

Data Security as a Service (DSaaS) platform to protect sensitive data wherever its residing.

Fine-grained access controls for users, data and global logging.

Only the authorized processor is given access to the encryption keys of the sensitive data and only for a specified duration of the business case. All access to personal data is automatically logged in a centrally viewable tamper-proof global audit trail by Fortanix. There is never any dispute about who accessed which data and when.

Fine-grained access controls for users, data and global logging.

Centralized key management and security policies across on-premises and multi-cloud.

Regulations, such as the GDPR have dramatically increased pressure on organizations to review and revamp their Enterprise Key Management strategy. Fortanix delivers full key lifecycle management as a service to ensure secure and consistent key management across on-premises and multicloud environments. Applications and databases standardize on a single source of cryptographic services, and security teams get a single pane of glass for management.

Centralized key management and security policies across on-premises and multi-cloud.

Control and monitor access to data and encryption keys.

Fortanix provides organizations with the option to bring your own key (BYOK), bring your own key management service (BYOKMS) and bring your own encryption (BYOE), also known as hold your own key (HYOK). Fortanix allows businesses to retain control and management of encryption keys with centralized management, consistent access control policy and centralized audit logs. With BYOKMS and BYOE, customers can also store cloud keys externally to help meet the most stringent compliance requirements.

Control and monitor access to data and encryption keys.
Gartner Logo
quote iconTo increase customer trust, executive leaders need to build a holistic and adaptive privacy program across the organization and be proactive instead of responding to each jurisdictional challenge.
Bart Willemsen
Vice President Analyst
Gartner
quote icon
Fortanix-logo

4.6

star-ratingsgartner-logo

As of August 2023

SOC-2 Type-2ISO 27001FIPSGartner LogoPCI DSS Compliant

US

Europe

India

Singapore

3910 Freedom Circle, Suite 104,
Santa Clara CA 95054

+1 408-214 - 4760|info@fortanix.com

High Tech Campus 5,
5656 AE Eindhoven, The Netherlands

+31850608282

UrbanVault 460,First Floor,C S TOWERS,17th Cross Rd, 4th Sector,HSR Layout, Bengaluru,Karnataka 560102

+91 080-41749241

T30 Cecil St. #19-08 Prudential Tower,Singapore 049712