AMAZON AWS GDPR COMPLIANT

Security of Personal Data

At Amazon, security remains the highest priority, AWS constantly continues to innovate and invest in a high bar for security and compliance across all global operations. Amazon’s industry-leading functionality provides the foundation for our long list of internationally-recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5). AWS continues to pursue the certifications to assist the customers.

Compliance-enabling Services

Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services give its partners the ability to implement their own security measures in order to enable Partners compliance with the GDPR, including specific measures such as:

  • Encryption of personal data
  • Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
  • Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
  • Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing

Compliance-enabling Services

GDPR introduces adherence to a “code of conduct” as a mechanism for demonstrating sufficient guarantees of requirements that the GDPR places on data processors. In this context, we previously announced compliance with the CISPE Code of Conduct. The CISPE Code of Conduct provides partners & users with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services from providers like AWS. More detail about the CISPE Code of Conduct can be found at: aws.amazon.com/compliance/cispe/

  • Amazon GuardDuty: a security service featuring intelligent threat detection and continuous monitoring
  • Amazon Macie: a machine learning tool to assist discovery and securing of personal data stored in Amazon S3
  • Amazon Inspector: an automated security assessment service to help keep applications in conformity with best security practices
  • AWS Config Rules: a monitoring service that dynamically checks cloud resources for compliance with security rules

AWS Compliance Program

Global

UNITED STATES

ASIA PACIFIC

EUROPE