Is GDPR Supported by Amazon Web Services (AWS)?

Amazon Web Services (AWS) is a cloud platform service and a subsidiary of Amazon that includes more than 175 data centers around the world. AWS provides on-demand cloud computing platforms and APIs to individuals, companies, and governments on a metered, pay-as-you-go basis.

In 2019, AWS reported 37% annual growth and represented 12% of Amazon’s revenue, up from 11% in 2018, with an active user base of more than 1,000,000 accounts. These users include startups, big enterprises, and official government agencies. One of the main selling points of the service is lower cost.

It is estimated that enterprise-scale users represent a minimum of 10% of that total user base. All of this makes it important to consider the data privacy implications of using AWS as a solution.

Under the European Union’s General Data Protection Regulation (GDPR), there is an obligation to make sure that there is adequate security and safeguarding of the private personal data that your group is processing or sharing. EU citizens have many rights under GDPR, such as the Right to be Forgotten, Right of Access, Right of Data Portability, and Privacy by Design and by Default. Companies worldwide processing EU customer data have the obligation to report data breaches within 72 hours of first being aware of the breach. They also need to appoint a Data Protection Officer (DPO). An intentional breach of GDPR can result in fines as high as €20m or 4% of annual global revenue for the previous year.

AWS services go some of the way toward helping you achieve GDPR compliance through the configuration of security features, including:

  • Having personal data encrypted
  • Ongoing testing, assessing, and gauging the resilience of technical and group-wide measures for ensuring the safety of data processing
  • Restoration of, and access to, personal data in a timely fashion if a physical or technical incident makes this necessary
  • Ongoing confidentiality, integrity, availability, and resilience of processing systems and platforms

The provisions put in place by AWS are a range of security solutions that were created to ensure compliance with GDPR.