Episode 6: Data Beyond Borders: The Schrems II Aftermath
Are the current rules and regulations for securing information and maintaining privacy fit for purpose when you think about the future? Do you think work and lifestyle changes brought about by Covid-19 will have a regulatory impact that we need to plan for?
Neira discusses these questions with Enza Iannopollo, Senior Analyst at Forrester and Thales’ own Mukesh Chandak, Business Development Director.
On July 16, 2020 the Court of Justice of the European Union issued the Schrems II decision in the case Data Protection Commission v. Facebook Ireland. That decision invalidates the European Commission’s adequacy decision for the EU-U.S. Privacy Shield Framework, on which more than 5,000 U.S. companies rely to conduct trans-Atlantic trade in compliance with EU data protection rules.
The decision also impacts other personal data transfers from Europe to the U.S. The decision requires companies and regulators to conduct case-by-case analyses to determine whether foreign protections concerning government access to data transferred meet EU standards.
In the aftermath of the Schrems II decision, Neira Jones asked me to join Enza Iannopollo, senior analyst at Forrester, for the sixth episode of the Thales Security Sessions podcast to discuss data transfers in the post-Schrems II and post-Brexit era. The objective of the podcast was to examine how the current rules and regulations for securing information and maintaining privacy will impact our future. In addition, we tried to investigate whether the work and lifestyle changes brought about by COVID-19 will have a regulatory impact that organizations need to plan for.
The truth is that the Schrems II decision will have a great impact not only in the U.S. but also across the world. The termination of the data transfer from EU to other countries could literally mean a partial or complete shutdown of that business or maybe the whole company. However, the level of the impact depends on the geography and the vertical of each organization and the strategic privacy planning they have done for sustaining compliance with GDPR.
On the other hand, the work from home initiatives because of the pandemic have grown the businesses’ appetite to adopt public cloud infrastructures. This increased reliance coupled with the EU – UK post-Brexit agreement and the EDPS guidance for business to perform a risk assessment before transferring data, creates a new environment. Businesses may have to supplement contractual clauses and legal remedies with technical controls to ensure that data transfers are transparent, safe and lawful. These safeguards should cater to both direct data transfers and transfers performed by a third-party.
It is therefore important to use solutions that identify and classify all data owned by an organization, as not all data are created equal and some categories warrant heightened protection. Data classification will help reduce the level of complexity for protecting data either at rest or in transit. Data protection is a market differentiator, because consumers care about their data and how it is being handled by companies… and they are taking action to protect it.
In addition, data protection, security-by-design, transparency, accountability, and responsible development policies and practices should be at the heart of deploying emerging technologies to reduce their impact in marginalization and discrimination of social groups.
If you would like to delve into how recent developments affect data beyond borders, listen to our Security Session podcast, Episode 6: Data Beyond Borders: The Schrems II Aftermath.
Our Host

Neira advises organisations of all sizes on payments, fintech, regtech, cybercrime, information security, regulations (e.g. PSD2, GDPR, AML) & digital innovation. With more than 20 years in financial services & technology, she believes in change through innovation & partnerships and always strives to demystify the hype surrounding current issues. She enjoys her work as a strategic board advisor and non-executive director. She also provides coaching, training/e-learning, speaking, payment security expert witness services, and helps with M&As cybersecurity due diligence. She likes engaging on social media & regularly addresses global audiences in person or virtually.
She is the 1st Advisory Committee member for PCI-Pal, a global leader in secure payments & chairs the Advisory Board for mobile innovator Ensygnia. She is proud to be an Ambassador for the Emerging Payments Association and a friend of the Global Cyber Alliance. You'll find her on the Refinitiv list of Top 100 Influencers in Financial Services, the Planet Compliance Top 50 RegTech Influencers, the SC Magazine list of the UK's 50 Most Influential Women in Cyber-Security 2019, the Cybersecurity Ventures Women Know Cyber 2019 (100 Fascinating Women Fighting Cybercrime), the Jax Finance Top 20 Social Influencers in Fintech 2017, the City AM Powerful Women in the City List, the Richtopia Top 100 Most Influential People in Fintech. Tripwire nominated her "Top Influencer in Security To Follow on Twitter" in January 2015, CEOWorld Magazine nominated her Top Chief Security Officer to Follow on Twitter in April 2014, she is the Merchant Payments Ecosystem Acquiring Personality of the Year 2013, the SC Magazine Information Security Person of the Year 2012 and is an InfoSecurity Europe Hall of Fame alumni. She was voted to the Top 10 Most Influential People in Information Security by SC Magazine & ISC2 in 2010 & has served on the PCI SSC Board of Advisors for 4 years. She is a British Computer Society Fellow.
Neira has previously worked for Barclaycard, Santander, Abbey National, Oracle Corp. and Unisys. Her clients span industry sectors, including financial services, fintech, retail, legal, consulting, information security & technology.
She loves technology and cars...
Our Guest Speakers

With almost a decade of experience in the fields of privacy and business technology, Enza contributes to shape and evolve Forrester's point of view on Privacy & Risk. She have developed thought leadership and produced research on compliance with data protection rules, privacy as a competitive differentiator, ethics, and risk management. Working closely with clients, she helps them embed privacy and ethics in their strategic initiatives, through approaches that deliver business growth, while protecting customers' and employees' trust and their brand reputation.
linkedin.com/in/enza-iannopollo-b633b64a
twitter.com/eiannopollo

Mukesh is Director of Business Development at Thales Cloud Protection and Licensing Business unit. In his current role he is responsible for driving business through strategic partnership with SaaS and other cloud solution providers. Mukesh brings 20 years of experience working in digital security industry encompassing various roles and responsibilities. Mukesh is tech savvy and has a great knack for deriving business application from technology. Mukesh has been fortunate to work in different market segment such as telecommunication, mobile payment, Automotive, IoT. He is now in cybersecurity business for last 3 years focusing on helping partners with data protection and security. Mukesh earned his Bachelor’s degree from IIT Bombay, India with major in Computer Science.

Security Sessions Podcast
For the latest on cloud & data security
This podcast series explores the technologies, people, and processes behind information security. We’ll delve into topics like data security, remote access and digital transformation, as well as the people and technology that make it all work behind the scenes. We’ll speak to Thales and industry experts to bring you fresh perspectives on how to navigate the world of cloud security.
We invite you to subscribe to Security Sessions, a podcast bringing you insights from industry experts on the latest cloud & data security news and trends.
Listen to Previous Podcasts
Episode 1: Real Threats for Real People – What has the pandemic taught us?
Are businesses being forced into digital transformation too quickly and therefore cutting corners? How to businesses adapt to the changing threat vectors as more valuable data gets pushed further out into the infrastructure due to remote working? These are some of the questions we are exploring with guests Rick Robinson and Todd Moore.
Learn More About Remote Access Challenges and Insider Threat Security
Episode 2: More digital, more risk: where is the trust?
More digital, means more ecommerce, more digital payments, more financial fraud and cybercrime and ultimately more risk. Many organisations within the payment sector are being pushed into digitisation more quickly as they move to operate online to keep cash flow – without doing necessary due diligence on the best solution or vendor and with security not really on their agenda. These are some of the issues we are exploring with guests Arthur van der Merwe and Simon Keates.
Episode 3: Do you know who I am? The digital identity challenge
More digital also means more interactions where the various parties are interacting without knowing each other. This is linked to the much needed focus on digital identity, IAM, CIAM, authentication, behavioural analytics. Has the pandemic forced people’s perception of digital identity to change as they have been forced to accept the digital transformation in their own lives? Our host Neira Jones discussed this topic with guests Sundaram Lakshmanan and Francois Lasnier.
Episode 4: Time for the crystal ball – What to expect in 2021
In this episode we are looking ahead at what we can expect in 2021 and reviewing how 2020’s remote working, separation from family and teams have changed us. Have a listen to some of the interesting insights from Neira’s guests, Troels Oerting, Chairman of the Board of the World Economic Forum’s Centre for Cybersecurity (C4C) and Ashvin Kamaraju, CTO and Vice President Engineering at Thales Cloud Protection & Licensing.
Episode 5: The Challenges of Digital Transformation
Many businesses have been forced to accelerate their digital transformation strategies due to the pandemic and doing it successfully has become a major challenge. What do organisations do to transform their infrastructure to where it needs to be from a technology standpoint? The new threats are here to stay – so what is the best DX practice from a technology point of view? How do you focus on the technology process and preservation of your infrastructure?
Episode 6: Data Beyond Borders: The Schrems II Aftermath
Are the current rules and regulations for securing information and maintaining privacy fit for purpose when you think about the future? Do you think work and lifestyle changes brought about by Covid-19 will have a regulatory impact that we need to plan for? Neira discusses these questions with Enza Iannopollo, Senior Analyst at Forrester and Thales’ own Mukesh Chandak, Business Development Director.