TECH SUPPLIER Feb 2021 - Market Perspective - Doc # EUR147388321
The European Privacy Implications of the Schrems2 Ruling on Cloud Service Providers
This IDC Market Perspective discusses the European court ruling invalidating the EU-US Privacy Shield — known as the Schrems2 decision — and its impact on organizations' international data transfer practices under the GDPR. It explores the regulatory and compliance complexity arising from the ruling and provides a high-level overview of the measures public cloud providers are adopting to address customer's compliance concerns.
"The legal and compliance implications arising from the Schrems2 ruling will continue to play out in 2021. Given the restrictive regulatory landscape, organizations are vetting their cloud service providers to determine the adequacy of the legal, privacy, and security safeguards they provide," said Ralf Helkenberg, research manager, European Privacy and Data Security. "Cloud vendors will need to build in security and privacy compliance-enabling features to ensure customer requirements around international data transfers are met."