Schrems II Judgement: Use of Microsoft 365 no longer GDPR compliant!

Uncertainty following overturning of the US Privacy Shield by the European Court

On 16 July 2020, the European Court of Justice issued the so-called Schrems II judgement, thus overturning the US Privacy Shield. This regulated – as a successor agreement to the Safe Harbor Agreement – the protection of personal data transferred from Europe to the USA.

Since this judgement, there has been far-reaching uncertainty regarding the use of US cloud services. Initially, clear guidelines and directives were sought in vain. However, more and more data protectors are venturing out of cover and making clear demands for GDPR compliant use of widespread applications such as Microsoft 365 or Salesforce.


Consequences of the Schrems II Judgement

What does the Schrems II ruling mean for companies in practice?

Find out in the german-speaking Netzpalaver-Interview with our CEO Elmar Eperiesi-Beck and Guenter Esch, Managing Director at SEPPmail, how legally compliant working in the cloud is easily possible even without US Privacy Shield.


By loading the video, you agree to YouTube's privacy policy.
Learn more

Load video


Data Protectors recommend Pseudonymization

One of the demands of the data protectors is the pseudonymization of personal data. If only illegible data is stored in the cloud, unauthorized third parties cannot establish a personal reference and thus cannot use the data.

Simple and pragmatic solutions for pseudonymization and (quasi) anonymization of data already exist today. The important functionalities of cloud applications are not restricted, the performance of the systems is maintained. This is also stated by TeleTrust in its handbook on the “state of the art” in IT security (German).

Important statements and recommendations by data protectors for data transfer to the USA:

Pseudonymization and anonymization are necessary as additional protective measures (especially with Standard Contract Clauses).