Schrems II and what it means to protect customer data
Customers are increasingly interested in how their data is managed, protected and used. Data security and privacy are no longer just about complying with regulations, but also about building relationships of trust that enable customer loyalty and retention. This, in part, fueled the privacy activism movement led by Maximilian Schrems, who in 2015 and 2020 challenged the legality of Facebook sharing his Irish-resident personal data with the company’s US headquarters.
Schrems argued that the data transfers between the two countries did not provide “adequate protection” for his personal data, thus putting the data at risk of being intercepted and in violation of the General Data Protection Regulation (GDPR), as well as the Privacy Shield Framework. The resulting Schrems II ruling requires organizations and service providers to ensure that adequate controls are provided to protect customer data and privacy.
Cross-border data flows are critical for business growth
With more than 65% of organizations transferring data outside the European Economic Area (EEA), this is fast becoming a global issue affecting organizations in many regions, including the United Kingdom, Australia, and the US. Requiring organizations to localize data hampers their ability to accelerate business growth and leverage the global third-party technologies needed to stay ahead of the competition. The good news is that the US and the EU recently announced they are working on an agreement for a transatlantic data privacy framework. But what can organizations do today to better protect their customers and stay ahead of the next privacy regulation that comes their way, all without impacting business?
The Way Forward: Protecting Customers with Modern Capabilities from CIAM
Identity is the gateway to your organization, informing your customers’ first impressions of your business. Making the right decision about how data is protected and where it is stored is more important than ever. As your ecosystem moves to embrace the cloud and hybrid IT, you will invariably wonder where the identity data is stored.
Protecting personal data requires organizations to have a layered approach to security that begins with a robust customer identity and access management (CIAM) platform that can manage, protect, and store data on the region of your choice. While there are many CIAM offerings on the market, most lack the necessary design and architecture to align with emerging data protection and privacy regulations.
So how can a modern CIAM architecture help you address data privacy and security requirements?
- Security and privacy by design: Modern CIAMs delivered as SaaS are designed for security, privacy, and data sovereignty. They ensure that data residing in the cloud is protected, readily available, and isolated from other customers’ (or tenants’) data to minimize the risk of a cyber breach and protect against unauthorized access. Modern CIAM also allows you to implement access and rights configurations that enforce least-privilege access to your identity data.
- Regional data isolation: The modern CIAM offers you the option of globally distributed data centers and offers the resiliency, performance, and scalability essential to grow your business. It enables you to isolate data residency within the regions of your choice to ensure compliance with local residency and data protection requirements, while also accelerating business growth.
- Secure data at rest and in transit: Ensuring that your customer data is encrypted on your local infrastructure is standard practice. But as it moves to the cloud, you’ll need to ensure that data is encrypted at rest and in transit with standard cryptographic technologies. Modern CIAM solutions that isolate identity data in the cloud mitigate the “noisy neighbor” effect and the ability of other customers and third parties to gain malicious access to your identity data, thereby reducing the risk of account takeover (ATO) attacks.
ForgeRock Identity Cloud provides security and privacy by design through full tenant isolation, data sovereignty with worldwide regional isolation, and strong data encryption to ensure that both storage and transmission of data are Schrems II compliant. This helps you reduce regulatory risks and compliance costs, while strengthening customer privacy and trust. Your customers deserve better protection. Learn how ForgeRock can help you today.