Navigating GDPR Compliance on AWS

Amazon Web Services

The CISPE Code of Conduct

The GDPR contemplates the approval of codes of conduct to help controllers and processors demonstrate compliance under the regulation. One such code, which is awaiting official approval from EU data protection authorities, is the CISPE Code of Conduct for Cloud Infrastructure Service Providers (the Code)[4]. The Code gives customers assurance that their cloud provider applies appropriate data protection standards that are consistent with the GDPR. The following are a few key benefits of the Code:

• Clarifies who is responsible for which aspects of data protection – The Code explains the roles of both the cloud provider and the customer under the GDPR, specifically in the context of cloud infrastructure services.

• Defines the principles providers must follow – The Code develops key GDPR principles into clear actions and commitments that providers should undertake to demonstrate their own compliance with the GDPR and to help customers comply. Customers can use these concrete commitments in their own compliance and data protection strategies.

• Gives customers the privacy and security information necessary to help them achieve their compliance goals – The Code requires providers to be transparent about the steps they are taking to deliver on their privacy and security commitments. These steps include implementing privacy and security safeguards, notifying customers of data breaches, deleting data, and being transparent about third-party sub-processing. All of these commitments are verified by independent third-party monitoring bodies. Customers can use this information to fully understand the level of security provided.

At the time of publication, AWS has registered Amazon EC2, Amazon Simple Storage Service (Amazon S3), Amazon Relational Database Service (Amazon RDS), AWS Identity and Access Management (IAM), AWS CloudTrail, and Amazon Elastic Block Store (Amazon EBS) as fully compliant with the Code. For more information, see the CISPE Public Register. This provides AWS customers with additional assurance that they control their data in a safe, secure, and compliant environment when they use AWS. AWS compliance with the Code adds to the list of internationally recognized certifications and accreditations that AWS has achieved, which includes ISO 27001, ISO 27018, ISO 9001, SOC 1, SOC 2, SOC 3, and PCI DSS Level 1, among others.
