Skip to Content

Cloud Migration & GDPR: Cross-border Data Transfers and Schrems II impact

Up to July 2020, the EU-US Privacy Shield agreement helped regulate the GDPR compliance of many organizations transferring personal data using services from US vendors. Then the Court of Justice of the European Union (CJEU) pronounced the Schrems II verdict, invalidating the Privacy Shield and opening a period of uncertainties.

As more and more organizations are extending their use of US-based cloud services, clarity is needed on how they can comply with privacy regulations, without weakening their digitalization programs and losing the competitive advantage provided by advanced cloud platforms.

This whitepaper presents these developments and suggests elements of the solution and a pragmatic approach to implementing safeguards. Specifically, the following topics are addressed:

  • The context of cloud adoption
  • The impact of the Schrems II ruling on the usage of cloud services, especially from providers subject to US regulations
  • An overview of recommendations from the European Data Protection Board (EDPB)
  • Capgemini’s methodology to assess and implement necessary measures in a practical and pragmatic way

Read more in our Whitepaper.


Yannick Martel, Vice President, Artificial Intelligence & Analytics at Capgemini

Robert Kreuger, Managing Consultant at Capgemini