1. 程式人生 > >AWS and the General Data Protection Regulation (GDPR)

AWS and the General Data Protection Regulation (GDPR)

European Union image

Just over a year ago, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is the biggest change in data protection laws in Europe since the 1995 introduction of the European Union (EU) Data Protection Directive, also known as Directive 95/46/EC

. The GDPR aims to strengthen the security and protection of personal data in the EU and will replace the Directive and all local laws relating to it.

AWS welcomes the arrival of the GDPR. The new, robust requirements raise the bar for data protection, security, and compliance, and will push the industry to follow the most stringent controls, helping to make everyone more secure. I am happy to announce today that all AWS services will comply with the GDPR when it becomes enforceable on May 25, 2018.

In this blog post, I explain the work AWS is doing to help customers with the GDPR as part of our continued commitment to help ensure they can comply with EU Data Protection requirements.

What has AWS been doing?

AWS continually maintains a high bar for security and compliance across all of our regions around the world. This has always been our highest priority—truly “job zero.” The AWS Cloud infrastructure has been architected to offer customers the most powerful, flexible, and

secure cloud-computing environment available today. AWS also gives you a number of services and tools to enable you to build GDPR-compliant infrastructure on top of AWS.

One tool we give you is a Data Processing Agreement (DPA). I’m happy to announce today that we have a DPA that will meet the requirements of the GDPR. This GDPR DPA is available now to all AWS customers to help you prepare for May 25, 2018, when the GDPR becomes enforceable. For additional information about the new GDPR DPA or to obtain a copy, contact your AWS account manager.

In addition to account managers, we have teams of compliance experts, data protection specialists, and security experts working with customers across Europe to answer their questions and help them prepare for running workloads in the AWS Cloud after the GDPR comes into force. To further answer customers’ questions, we have updated our EU Data Protection website. This website includes information about what the GDPR is, the changes it brings to organizations operating in the EU, the services AWS offers to help you comply with the GDPR, and advice about how you can prepare.

Another topic we cover on the EU Data Protection website is AWS’s compliance with the CISPE Code of Conduct. The CISPE Code of Conduct helps cloud customers ensure that their cloud infrastructure provider is using appropriate data protection standards to protect their data in a manner consistent with the GDPR. AWS has declared that Amazon EC2, Amazon S3, Amazon RDS, AWS Identity and Access Management (IAM), AWS CloudTrail, and Amazon Elastic Block Storage (Amazon EBS) are fully compliant with the CISPE Code of Conduct. This declaration provides customers with assurances that they fully control their data in a safe, secure, and compliant environment when they use AWS. For more information about AWS’s compliance with the CISPE Code of Conduct, go to the CISPE website.

As well as giving customers a number of tools and services to build GDPR-compliant environments, AWS has achieved a number of internationally recognized certifications and accreditations. In the process, AWS has demonstrated compliance with third-party assurance frameworks such as ISO 27017 for cloud security, ISO 27018 for cloud privacy, PCI DSS Level 1, and SOC 1, SOC 2, and SOC 3. AWS also helps customers meet local security standards such as BSI’s Common Cloud Computing Controls Catalogue (C5) that is important in Germany. We will continue to pursue certifications and accreditations that are important to AWS customers.

What can you do?

Although the GDPR will not be enforceable until May 25, 2018, we are encouraging our customers and partners to start preparing now. If you have already implemented a high bar for compliance, security, and data privacy, the move to GDPR should be simple. However, if you have yet to start your journey to GDPR compliance, we urge you to start reviewing your security, compliance, and data protection processes now to ensure a smooth transition in May 2018.

You should consider the following key points in preparation for GDPR compliance:

  • Territorial reach – Determining whether the GDPR applies to your organization’s activities is essential to ensuring your organization’s ability to satisfy its compliance obligations.
  • Data subject rights – The GDPR enhances the rights of data subjects in a number of ways. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
  • Data breach notifications – If you are a data controller, you must report data breaches to the data protection authorities without undue delay and in any event within 72 hours of you becoming aware of a data breach.
  • Data protection officer (DPO) – You may need to appoint a DPO who will manage data security and other issues related to the processing of personal data.
  • Data protection impact assessment (DPIA) – You may need to conduct and, in some circumstances, you might be required to file with the supervisory authority a DPIA for your processing activities.
  • Data processing agreement (DPA) – You may need a DPA that will meet the requirements of the GDPR, particularly if personal data is transferred outside the European Economic Area.

AWS offers a wide range of services and features to help customers meet requirements of the GDPR, including services for access controls, monitoring, logging, and encryption. For more information about these services and features, see EU Data Protection.

At AWS, security, data protection, and compliance are our top priorities, and we will continue to work vigilantly to ensure that our customers are able to enjoy the benefits of AWS securely, compliantly, and without disruption in Europe and around the world. As we head toward May 2018, we will share more news and resources with you to help you comply with the GDPR.

– Steve

相關推薦

AWS and the General Data Protection Regulation (GDPR)

Just over a year ago, the European Commission approved and adopted the new General Data Protection Regulation (GDPR). The GDPR is the big

【論文:麥克風陣列增強】Speech Enhancement Based on the General Transfer Function GSC and Postfiltering

res transient ice ges nal gen image 增強 reg 作者:桂。 時間:2017-06-06 16:10:47 鏈接:http://www.cnblogs.com/xingshansi/p/6951494.html 原文鏈接:http

【Python學習筆記】Coursera課程《Using Python to Access Web Data》 密歇根大學 Charles Severance——Week6 JSON and the REST Architecture課堂筆記

學習 except for num string net none input 網上 Coursera課程《Using Python to Access Web Data》 密歇根大學 Week6 JSON and the REST Architecture 13.5 Ja

Streaming System 第二章:The What- Where- When- and How of Data Processing

本文由《Streaming System》一書第二章的提煉翻譯而來,譯者才疏學淺,如有錯誤,歡迎指正。轉載請註明出處,侵權必究。 本章主要介紹魯棒的處理亂序資料的核心概念,這些概念的運用使流處理系統超越批處理系統的關鍵所在。 路線圖 上一章中,我們介紹了兩個非常關鍵的概念: 事件時間和處理時間,

Ansible and the AWS CLI: No module, no problem

Ansible and the AWS CLI: No module, no problemTips on integrating the AWS CLI when Ansible modules are letting you downIf you have picked up Ansible as a t

PyTorch 1.0 preview now available in Amazon SageMaker and the AWS Deep Learning AMIs

Amazon SageMaker and the AWS Deep Learning AMIs (DLAMI) now provide an easy way to evaluate the PyTorch 1.0 preview release. PyTorch 1.0 adds seam

Backup and Data Protection Solutions

The exponential growth of data worldwide has made managing backups more difficult than ever before. With traditional methods such as tape librari

Data Science and the Art of Producing Entertainment at Netflix

Data Science and the Art of Producing Entertainment at NetflixNetflix has released hundreds of Originals and plans to spend $8 billion over the next year o

Obama, Trump, and the Regulation of Artificial Intelligence

Near the end of his second term, President Obama announced a series of workshops and government working groups tasked with “Preparing for the Future of

AWS re:Invent and the 5 fronts of the cloud arms race

For the last six years running, the most important event in cloud computing has been AWS re:Invent, where the market leader announces its latest improvemen

Quickly build, test, and deploy your data lake with AWS and partner solutions

Performing data science workloads on data from disparate sources – data lake, data warehouse, streaming, and more – creates challenges f

Understand the Differences Between AWS and AISPL Accounts

Amazon Web Services is Hiring. Amazon Web Services (AWS) is a dynamic, growing business unit within Amazon.com. We are currently hiring So

Announcing AWS Amplify and the AWS Mobile CLI

The JavaScript ecosystem is thriving. Every day there are new use cases and functionality across web and mobile ecosystems. Developers are buildin

Resilience Data Analytics Tool and the Cloud Help Humans Survive and Thrive

On the topic of resilience—the ability to withstand, respond and adjust to chronic or acute stressors— there are a lot of data sets out there on s

AWS Marketplace: CTERA Cloud Server Data Protection

The CTERA Cloud Server Data Protection Platform is a multi-tenant backup solution for enterprise organizations deploying and managing applications

論文翻譯:Speech Enhancement Based on the General Transfer Function GSC and Postfiltering

論文地址:基於通用傳遞函式GSC和後置濾波的語音增強 部落格作者:凌逆戰 部落格地址:https://www.cnblogs.com/LXP-Never/p/12232341.html   摘要   在語音增強應用中,麥克風陣列後置濾波可進一步減少波束形成器輸出處的噪聲成分。在麥克風陣

LightOJ 1341 Aladdin and the Flying Carpet(唯一分解定理)

void 都是 scanf esp for space tar sqrt lld http://lightoj.com/volume_showproblem.php?problem=1341 題意:給你矩形的面積(矩形的邊長都是正整數),讓你求最小的邊大於等於b的矩形的個

HDU 1028 Ignatius and the Princess III dp

cep 大數 style code 代碼 des for each 狀態轉移方程 遞推 題目鏈接:http://acm.hdu.edu.cn/showproblem.php?pid=1028 一道經典題,也是算法設計與分析上的一道題,可以用遞推,動態規劃,母函數求解,我用的

Ignatius and the Princess III(杭電1028)(母函數)

mission des panel mes content nat strong pro accepted Ignatius and the Princess III Time Limit: 2000/1000 MS (Java/Others) Memory L

Harry Potter and the Goblet of Fire

opaque 外殼 葡萄酒 revel luna 道德 說明 剪裁 指揮 書名:Harry Potter and the Goblet of Fire 作者:J.K. Rowling 篇幅: 752頁 藍思值:880L 用時: 17天 工具: