As cyber risks continue to intensify, consumer demand for data privacy is escalating at an impressive rate. In fact, since the arrival of GDPR (General Data Protection Regulation) in 2018, many other global regulations are also being reconsidered and redrafted. Countries such as China, Brazil, Russia and Australia are among the 76% of countries that have enacted some sort of data protection regulations in recent years. And now another ruling has been added to the mix: Schrems II – the legal verdict issued in July 2020 declaring the EU-US Data Protection Shield invalid.
But wait, don’t panic! While this new ruling will likely throw a wrench into the works for organisations that were previously relying on the EU-US Data Protection Shield, it might also mean more legal predictability for European businesses…
So what is Schrems II exactly? How will it impact your data compliance? And what does it mean for Mopinion users? Keep reading to learn more…
What is Schrems II?
Schrems II is the verdict that was issued on July 16, 2020 by the EU Court of Justice declaring the EU-US Data Protection Shield invalid. The ruling also declared Standard Contractual Clauses (SCCs) valid, BUT organisations using SCCs could no longer just sign up and send. Data transfer must now be verified case by case so as to ensure the data is being protected adequately.
Previously, thousands of organisations relied on the EU-US Data Protection Shield for trans-Atlantic trade, a framework which enabled them to easily transfer data while remaining in compliance with GDPR. However, due to rising concerns regarding surveillance by US state and law enforcement agencies, there was a question as to whether the level of protection for European personal data was sufficient when processed by American organisations – which led to the Schrems II case in the first place.
What does this mean for European businesses?
Do you work with American organisations or other organisations that store their data outside of the EU? Then – according to Schrems II – your organisation will be required to conduct individual assessments of each data transfer to ensure compliance.
Already relying on SCCs? Even these organisations will have to consider undertaking transfer assessments to determine whether those transfers meet the “essential equivalence” test. If they do not, then supplementary measures will need to be implemented. A real bump in the road, you could say…
But then again, there’s a silver lining to this all…
These tightened security measures may also create more legal predictability for European organisations that are storing their data within the EU. If European companies decide to team up with organisations already storing their data in the EU, they’ll not only be spared the extra “paperwork” but also gain a more local and reliable (as it pertains to data) partner.
Sounds pretty attractive, right?
Is your data in the right hands?
Now if we look at the user feedback market specifically, there are a number of players that store data outside of the EU. This presents you – the data controllers – with the difficult decision of what to do next with your data, especially since most of the major players on European soil are owned by or part of American companies. Will you jump through all of the hoops and try to get your organisation compliant with your existing partner? Or settle for an organisation that will make data security easy from the get-go?
A secure and reliable user feedback partner
Mopinion, headquartered in The Netherlands (EU), has implemented a rigorous security program with its ISO 27001 certification – the security management standard that specifies security management best practices and comprehensive security controls following the ISO 27002 best practice guidance. Additionally, all data is safely stored in Ireland (EU).
In addition to its data security measures, including ISO 27001 and various cybersecurity risk management efforts such as regular pen testing, Mopinion also stands out from the crowd of user feedback tools with its intuitive user interface, extensive analysis possibilities and much more.