GDPR, the General Data Protection Regulation, is a significant new EU data protection regulation. It is the
work of 4 years by EU members, comes into effect on 25th May 2018, and it replaces the current EU data
Organizations established in the EU, and organizations without an EU presence that target and monitor EU
individuals, must comply with GDPR.
Fines are 2% of the company's annual revenue or 10M Euro, or 4% of the company's annual revenue or 20M
Euro, whichever is higher, if an organization fails to comply with GDPR.
Main objectives are:
1. Control on data,
whether it is content like an image, audio,
video etc. or the personal data of a person. Organizations need to provide the above 3 to an individual user.
Important terms which need to be at your fingertips:
1. Data Subject: the person whose personal data/info is provided.
2. Controller: the organization which is managing the data.
3. Processor: where processing of data is carried out on behalf of the controller, i.e. AWS.
Both Controller and Processor have obligations under GDPR.
Important points in GDPR:
1. Right to data portability
2. Right to be forgotten
3. Privacy by Design
4. Data breach notification within 72 hours.
To fulfill GDPR an organization needs to implement Technical and Organizational Measures (TOMs), which include:
1. Encryption of personal data.
2. Ensure ongoing confidentiality.
3. Ability to restore data in a timely manner in case of a technical or physical incident.
4. Perform regular testing, assessment and evaluation.
What AWS provides to make you GDPR compliant:
1. Tools and services.
2. Compliance framework.
3. Partner Network which helps you to achieve GDPR.
4. Data Protection Terms.
As with other AWS services, GDPR also follows a shared responsibility model, and below are the 8 important points on
which controller (C) and processor (P) work together.
1. Legal compliance: both C and P.
2. System security and data protection by design: both C and P. AWS has tools to help you.
3. Records of processing activities.
5. Managing Data Subject consent: controller responsibility.
6. Managing personal data deletion: both C and P. AWS has tools.
7. Managing personal data portability: controller responsibility.
8. Security of personal data: controller responsibility.
AWS tools which need to be in place:
1. Data access control: MFA, API request authentication, temporary access tokens.
2. Geo restrictions by CloudFront.
3. Monitoring of access activities: CloudTrail, Inspector, Macie, AWS Config, Amazon GuardDuty.
4. Data encryption: AES-256 server-side or KMS.
5. A strong compliance framework is already in place with AWS. Also, AWS is CISPE certified.
CISPE: Cloud Infrastructure Service Providers in Europe.
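Point 4 above says personal data at rest should be protected with AES-256 server-side encryption or KMS. One way to check that a bucket actually enforces this is to review its bucket policy for the two Deny statements that reject unencrypted uploads. The checker below is an added example, not code from the original post or from AWS; the bucket name and the policy document are constructed sample values.

```python
import json

SSE_HEADER = "s3:x-amz-server-side-encryption"
ALLOWED_SSE = {"AES256", "aws:kms"}   # the two algorithms named in the post
# Constructed sample bucket policy (not from the original post): statement 1
# rejects uploads whose encryption header is neither AES256 nor aws:kms,
# statement 2 rejects uploads that omit the header entirely.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringNotEquals": {SSE_HEADER: ["AES256", "aws:kms"]}}},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Null": {SSE_HEADER: "true"}}},
    ],
}

def _as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def sse_enforcement_gaps(policy):
    """Return the gaps a reviewer should flag in a bucket policy (dict or JSON
    string); a policy that fully enforces server-side encryption yields []."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    denies_wrong_algorithm = denies_missing_header = False
    for st in _as_list(policy.get("Statement", [])):
        if st.get("Effect") != "Deny":
            continue
        if not any(a in ("s3:PutObject", "s3:*", "*")
                   for a in _as_list(st.get("Action", []))):
            continue
        cond = st.get("Condition", {})
        wrong = cond.get("StringNotEquals", {}).get(SSE_HEADER)
        # A StringNotEquals deny only helps if every listed value is allowed;
        # otherwise compliant uploads would be rejected as well.
        if wrong is not None and set(_as_list(wrong)) <= ALLOWED_SSE:
            denies_wrong_algorithm = True
        if str(cond.get("Null", {}).get(SSE_HEADER, "")).lower() == "true":
            denies_missing_header = True
    gaps = []
    if not denies_wrong_algorithm:
        gaps.append("no Deny for PutObject with an encryption header outside AES256/aws:kms")
    if not denies_missing_header:
        gaps.append("no Deny for PutObject that omits the server-side-encryption header")
    return gaps
```

Run it against the policy JSON you pull from each bucket; an empty list means both conditions are present, anything else is a finding for the data-encryption item.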
A few articles which we need to understand:
Article 24: The responsibility of the Controller.
Article 28: Data Processor.
Article 35: About the data collection lifecycle.
Article 32: Technical measures.
Article 33: Notification.
Article 15: Access request.
Article 16: Right of correction.
Article 17: Right to be forgotten.
Article 20: Right to portability.
Also, I'm requesting you to have a look at more information. Go through the cloud provider's GDPR compliance documentation to know more.
All the above points are general guidance on GDPR; please consult your legal department before taking any steps.
Help me to improve it more by contacting me.