Life Sciences

Navigating GDPR Compliance on AWS

Amazon Web Services Navigating GDPR Compliance on AWS

AWS Data Processing Addendum (DPA)

AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA), which enables customers to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all customers globally who require it to comply with the GDPR.

The Role of AWS Under the GDPR

Under the GDPR, AWS can be both a data processor and a data controller.

AWS as a Data Processor

When customers and AWS Solution Providers use AWS services to process personal data in their content, AWS acts as a data processor. Customers and AWS Solution Providers can use the controls available in AWS services, including security configuration controls, to process personal data. Under these circumstances, the customer or AWS Solution Providers may act as a data controller or a data processor, and AWS acts as a data processor or sub-processor. The AWS GDPR-compliant Data Processing Addendum (DPA) incorporates the commitments of AWS as a data processor.

AWS as a Data Controller

When AWS collects personal data and determines the purposes and means of processing that personal data, it acts as a data controller. For example, AWS stores account information as a data controller for account registration, administration, services access, customer contact, and support.

Under Article 32, controllers and processors are required to "implement appropriate technical and organizational measures" that consider "the state of the art and the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons". The GDPR provides specific suggestions for what types of security actions may be required, including:

• The pseudonymization and encryption of personal data.
• The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
