Until 16 July 2020, personal data could be transferred to the USA on the basis of the EU-US Privacy Shield agreement.
Personal data may in principle only be transferred to third countries (countries outside the European Union (EU) if the level of protection guaranteed by the General Data Protection Regulation (GDPR) is not undermined. In its judgment of 16 July 2020 (Case C 311/18 - "Schrems II"), the ECJ declared this Privacy Shield implementing decision invalid.
Cloud Compliance Check
Executives are obliged to check in which cases personal data is transferred to third countries and on what legal basis. This inventory should also include engaged system processors who may transfer personal data to a third country.
Since this verification is not possible through manual investigations alone, due to the complex IT cloud infrastructure of most companies, DECOMPLEXITY Europe offers companies an automated process to verify the Schrems II impact on data storage and data transfer in MS365 cloud environments, since a very high proportion of medium-sized companies and corporations rely on these Microsoft solutions.
Further information about this automated compliance scan: