Does Amazon Web Services (AWS) support GDPR?

Question

Which AWS services are GDPR ready? Can I build and run GDPR compliant applications on AWS?

Answer 1

All AWS Services can be used in compliance with GDPR

Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services give you the capability to implement your own security measures in the ways you need in order to enable your compliance with the GDPR, including specific measures such as:

• Encryption of personal data
• Ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
• Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
• Processes for regularly testing, assessing, and evaluating the effectiveness of technical and organizational measures for ensuring the security of processing

This is an advanced set of security and compliance services that are designed specifically to handle the requirements of the GDPR. There are numerous AWS services that have particular significance for customers focusing on GDPR compliancea and AWS has 500+ features and services focused on security and compliance.

For more information, have a look at the AWS GDPR Center .

The AWS Shared Responsibility Model and GDPR

AWS has a shared responsibility model with the customer and this doesn't change under GDPR. AWS is responsible for securing the underlying infrastructure that supports the cloud and the services provided; while customers, acting either as data controllers or data processors , are responsible for any personal data they put in the cloud.

You can find more information about the shared responsibility under GDPR in the AWS Security Blog .