Chad Woolf, Vice President of AWS Security Assurance at Amazon, said yesterday he was very “pleased to announce that AWS services comply with the General Data Protection Regulation (GDPR).”
Amazon says they have completed the GDPR service readiness audit, validating that all generally available services and features adhere to the high privacy bar and data protection standards required of data processors by the GDPR. “We completed this work two months ahead of the May 25, 2018, enforcement deadline in order to give customers and APN partners an environment in which they can confidently build their own GDPR-compliant products, services, and solutions,” said Chad Woolf.
Here the measures that AWS adopted:
- Encryption of personal data;
- Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services;
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing.
AWS also published a document called Navigating GDPR Compliance on AWS and created a website about GDPR.