© 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
AWS Webinar
Navigating GDPR Compliance on AWS
Iolaire McKinnon – Security, Risk & Compliance
Amazon Web Services
What is the GDPR?
• The "GDPR" is the General Data Protection Regulation, a significant new EU data protection regulation
• Introduces robust requirements that raise and harmonise standards for data protection, security, and compliance across the EU
• The GDPR is enforceable from May 25th, 2018 and replaces the EU Data Protection Directive (Directive 95/46/EC)
• In scope: organisations established in the EU, and organisations without an EU presence that offer goods or services to, or monitor the behaviour of, individuals in the EU
Content vs. Personal Data
Content = anything that a customer (or any end user) stores or processes using AWS services, including software, data, text, audio and video.
Personal Data = information from which a living individual may be identified or is identifiable (under EU data protection law).
• A customer’s “content” might include “personal data”.
What Else Comes With GDPR?
Right of access and data portability: individuals have the right to a copy of all the personal data that a controller holds about them, and it must be provided in a way that facilitates reuse.
Right to erasure: individuals have the right to have certain personal data deleted so that third parties can no longer trace them.
Data protection by design and by default: policies, guidelines and work instructions related to data protection must be built into the earliest stages of projects that involve personal data.
Breach notification: controllers must report personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of them. If the breach is likely to result in a high risk to the rights and freedoms of data subjects, the data subjects must also be notified.
How AWS can help customers achieve GDPR compliance
Data Protection – A Shared Responsibility
Data Subjects → Customers as Controllers → AWS as Processor
Controllers and Processors have obligations under GDPR.
Where the customer itself processes data on behalf of its own customers:
Data Subjects → Customer’s customer as Controller → Customer as Processor → AWS as Processor
GDPR is also a Shared Responsibility
• Legal Compliance (both controllers and processors)
• System Security and Data Protection by Design (both controllers and processors; AWS has tooling to help)
• Records of Processing Activities (both controllers and processors; AWS has tooling to help)
• Encryption (both controllers and processors; AWS has tooling to help)
• Security of Personal Data (controller responsibility)
• Managing Data Subject Consent (controller responsibility)
• Managing Personal Data Deletion (both controllers and processors; AWS has tooling to help)
• Managing Personal Data Portability (controller responsibility)
GDPR in practice: implementing TOMs
Under GDPR (Article 32), controllers and processors are required to implement appropriate Technical and Organisational Measures (“TOMs”), including:
(1) Pseudonymisation and encryption of personal data
(2) Ensuring the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
(3) The ability to restore availability of and access to personal data in a timely manner in the event of a physical or technical incident
(4) A process for regularly testing, assessing, and evaluating the effectiveness of the TOMs
AWS services already comply with the GDPR
AWS completed the entirety of its GDPR service readiness audit on March 26, 2018, validating that all generally available services and features adhere to the high privacy bar and data protection standards required of data processors by the GDPR.
What does this mean to you?
Customers can deploy AWS services as a key part of their GDPR compliance plans. The audit covers AWS’s obligations as a processor; how those services are configured and used (access control, encryption, logging, retention) remains the customer’s responsibility under the shared responsibility model.
Implementing TOMs - What AWS provides to you
• Tools and Services
• Compliance Framework
• Partner Network
• Data Protection Terms
Implementing TOMs with AWS Services
Services that help with ‘Data protection by design and default’, ‘Security of processing’ and ‘Records of processing activities’:
• AWS Storage Gateway
• Amazon Virtual Private Cloud (VPC)
• Amazon API Gateway
• AWS KMS
• AWS CloudHSM
• Amazon S3 Server-side Encryption
• AWS Identity and Access Management
• AWS CloudFormation
• AWS WAF
• Amazon CloudWatch
• AWS CloudTrail
• AWS Config
Implementing TOMs with AWS Services - Examples
‘Data protection by design and default’ (Article 25): the controller “shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.”
• AWS Identity & Access Management
• API-Request Authentication
• Temporary Access Tokens
Implementing TOMs with AWS Services – Data Access Control
Implementing TOMs with AWS Services - Examples
‘Records of processing activities’ (Article 30): “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.”
GDPR compliance tools:
• AWS CloudTrail
• Amazon Inspector
• Amazon Macie
• AWS Config
Implementing TOMs with AWS Services – Monitoring of Access Activities: AWS CloudTrail
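The deck names CloudTrail as the tool for recording and monitoring access to personal data but does not show what that monitoring looks like. The following is an added example, not code from the AWS deck: it audits a small batch of CloudTrail records, builds a per-object access record (the evidence behind an Article 30 record of processing and behind answering an access request), and raises findings for reads of subject records by any principal other than the expected application role and for any attempt to switch the trail off. The records are constructed in CloudTrail's JSON record format, and the account id `111122223333`, bucket `example-customer-pii`, prefix `subjects/`, role `crm-app` and user `alice` are all assumptions.

```python
"""Audit CloudTrail records for access to a personal-data store.

Added example, not code from the AWS deck. The bucket, prefix, account id,
role and user names below are assumptions; the records are constructed in
the CloudTrail JSON record format, not real logs.
"""
import json
from collections import defaultdict

ACCOUNT = "111122223333"                       # assumed account id
PII_BUCKET = "example-customer-pii"            # assumed bucket holding personal data
PII_PREFIX = "subjects/"                       # assumed key prefix for subject records
# Only the application role is expected to read subject records (assumption).
APPROVED_PRINCIPALS = (f"arn:aws:sts::{ACCOUNT}:assumed-role/crm-app/",)
# Management events that weaken or disable the record of processing itself.
TRAIL_TAMPER_EVENTS = {"StopLogging", "DeleteTrail", "UpdateTrail", "PutEventSelectors"}


def _event(time, source, name, identity, params, ip="10.0.1.12"):
    """Build one record in CloudTrail's schema (constructed sample data)."""
    return {"eventVersion": "1.05", "eventTime": time, "eventSource": source,
            "eventName": name, "awsRegion": "eu-west-1", "sourceIPAddress": ip,
            "userIdentity": identity, "requestParameters": params}


ROLE = {"type": "AssumedRole", "accountId": ACCOUNT,
        "arn": f"arn:aws:sts::{ACCOUNT}:assumed-role/crm-app/i-0abc123",
        "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}
ALICE = {"type": "IAMUser", "accountId": ACCOUNT, "userName": "alice",
         "arn": f"arn:aws:iam::{ACCOUNT}:user/alice",
         "sessionContext": {"attributes": {"mfaAuthenticated": "false"}}}

SAMPLE_TRAIL = json.dumps({"Records": [
    _event("2018-05-25T09:12:01Z", "s3.amazonaws.com", "GetObject", ROLE,
           {"bucketName": PII_BUCKET, "key": "subjects/42.json"}),
    _event("2018-05-25T09:30:44Z", "s3.amazonaws.com", "GetObject", ALICE,
           {"bucketName": PII_BUCKET, "key": "subjects/42.json"}, ip="203.0.113.7"),
    _event("2018-05-25T09:31:02Z", "s3.amazonaws.com", "GetObject", ALICE,
           {"bucketName": "example-public-assets", "key": "logo.png"}, ip="203.0.113.7"),
    _event("2018-05-25T10:02:17Z", "cloudtrail.amazonaws.com", "StopLogging", ALICE,
           {"name": f"arn:aws:cloudtrail:eu-west-1:{ACCOUNT}:trail/org-trail"}, ip="203.0.113.7"),
]})


def touches_personal_data(rec):
    """True for S3 object-level events on the personal-data prefix."""
    p = rec.get("requestParameters") or {}
    return (rec.get("eventSource") == "s3.amazonaws.com"
            and p.get("bucketName") == PII_BUCKET
            and str(p.get("key", "")).startswith(PII_PREFIX))


def mfa_used(identity):
    """CloudTrail records MFA state under sessionContext.attributes."""
    return identity.get("sessionContext", {}).get("attributes", {}).get("mfaAuthenticated")


def audit(trail_json):
    """Return (access_record, findings).

    access_record maps each personal-data object key to the (time, principal,
    action) tuples that touched it. findings lists reads by principals outside
    the approved role and any attempt to disable or weaken the trail.
    """
    records = json.loads(trail_json)["Records"]
    access_record = defaultdict(list)
    findings = []
    for rec in records:
        ident = rec.get("userIdentity", {})
        arn = ident.get("arn", "<unknown>")
        if touches_personal_data(rec):
            key = rec["requestParameters"]["key"]
            access_record[key].append((rec["eventTime"], arn, rec["eventName"]))
            if not arn.startswith(APPROVED_PRINCIPALS):
                findings.append({"severity": "high", "rule": "unapproved-principal-read-pii",
                                 "arn": arn, "key": key, "mfa": mfa_used(ident),
                                 "ip": rec.get("sourceIPAddress")})
        if (rec.get("eventSource") == "cloudtrail.amazonaws.com"
                and rec.get("eventName") in TRAIL_TAMPER_EVENTS):
            findings.append({"severity": "critical", "rule": "cloudtrail-tampering",
                             "arn": arn, "event": rec["eventName"],
                             "trail": (rec.get("requestParameters") or {}).get("name")})
    return dict(access_record), findings


if __name__ == "__main__":
    record, findings = audit(SAMPLE_TRAIL)
    for key, touches in record.items():
        print(key)
        for t in touches:
            print("   ", *t)
    for f in findings:
        print(f["severity"].upper(), f["rule"], f["arn"])
```

Two practical points when running logic like this against a real trail: S3 object-level calls such as GetObject are CloudTrail data events and are only logged if data event logging is enabled for the bucket on the trail, whereas management events such as StopLogging are logged by default; and the trail itself needs protecting (log file validation, a write-once bucket policy, and an alert on the tampering events above), because a record of processing that an attacker can switch off is not a record.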
Implementing TOMs with AWS Services – Monitoring of Access Activities: Amazon GuardDuty
Implementing TOMs with AWS Services - Examples
‘Security of processing’ (Article 32): organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.”
• Encryption of data at rest (EBS, S3, Glacier, RDS, etc.)
• Centralized regional key management with AWS KMS
• IPsec VPN to your AWS environment with Virtual Private Gateway
• Dedicated HSM in the cloud with AWS CloudHSM
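Pseudonymisation appears twice above, in the Article 32 list of TOMs and in the quotation just given, but the deck does not say what separates it from simply hashing an identifier. The following is an added example, not code from the AWS deck: it pseudonymises a constructed set of order records two ways, with a bare SHA-256 and with an HMAC under a secret key, and shows that the bare hash is recovered by a dictionary attack while the keyed version is not, yet the key holder can still locate one subject's rows to answer an access or erasure request. The records, the attacker's wordlist and the in-memory key are constructed; in a real deployment the key would be generated and protected in AWS KMS or CloudHSM and never stored alongside the dataset.

```python
"""Pseudonymisation with a separately held key, contrasted with a bare hash.

Added example, not code from the AWS deck. The records, attacker wordlist
and in-memory key are constructed; in production the key would live in
AWS KMS or CloudHSM and never sit beside the dataset.
"""
import hashlib
import hmac
import secrets

# Constructed records as a controller might hold them before pseudonymisation.
RAW_RECORDS = [
    {"email": "alice@example.com", "order": "A-100", "amount": 42.0},
    {"email": "bob@example.org", "order": "B-200", "amount": 13.5},
    {"email": "alice@example.com", "order": "A-101", "amount": 7.25},
    {"email": "carol@example.net", "order": "C-300", "amount": 99.0},
]

# Constructed attacker wordlist standing in for the full space of plausible addresses.
ATTACKER_GUESSES = ["alice@example.com", "dave@example.com", "bob@example.org"]


def naive_token(identifier: str) -> str:
    """Unkeyed SHA-256. Deterministic, so it looks anonymous, but anyone can
    recompute it for guessed inputs and link the rows back to people."""
    return hashlib.sha256(identifier.strip().lower().encode()).hexdigest()


def keyed_token(identifier: str, key: bytes) -> str:
    """HMAC-SHA-256 under a secret key. Without the key the token cannot be
    recomputed, so the key is the 'additional information kept separately'
    that GDPR Art. 4(5) requires for pseudonymisation."""
    return hmac.new(key, identifier.strip().lower().encode(), hashlib.sha256).hexdigest()


def pseudonymise(records, tokenise):
    """Replace the direct identifier with a token; every other field is kept."""
    out = []
    for r in records:
        row = {k: v for k, v in r.items() if k != "email"}
        row["subject"] = tokenise(r["email"])
        out.append(row)
    return out


def dictionary_attack(pseudonymised, guesses, tokenise):
    """What an attacker holding only the dataset can do: recompute tokens for
    guessed identifiers and match them. Returns {token: recovered identifier}."""
    lookup = {tokenise(g): g for g in guesses}
    return {r["subject"]: lookup[r["subject"]] for r in pseudonymised if r["subject"] in lookup}


def rows_for_subject(pseudonymised, email, key):
    """Controller-side re-linking for an access request: only the key holder
    can find a subject's rows."""
    token = keyed_token(email, key)
    return [r for r in pseudonymised if r["subject"] == token]


def erase_subject(pseudonymised, email, key):
    """Erasure request: drop every row belonging to the subject."""
    token = keyed_token(email, key)
    return [r for r in pseudonymised if r["subject"] != token]


if __name__ == "__main__":
    weak = pseudonymise(RAW_RECORDS, naive_token)
    print("bare hash, attacker recovers:", dictionary_attack(weak, ATTACKER_GUESSES, naive_token))

    key = secrets.token_bytes(32)          # stand-in for a KMS-protected key
    strong = pseudonymise(RAW_RECORDS, lambda e: keyed_token(e, key))
    print("keyed, attacker without key recovers:", dictionary_attack(strong, ATTACKER_GUESSES, naive_token))
    print("alice's rows via the key:", rows_for_subject(strong, "alice@example.com", key))
    print("rows left after erasing alice:", len(erase_subject(strong, "alice@example.com", key)))
```

The design point is that the strength of a pseudonym comes from the secrecy of the key, not from the hash function: email addresses and similar identifiers have a small enough space that an unkeyed hash is effectively reversible, which is why a plain SHA-256 does not meet the Article 4(5) definition. Because the same identifier always maps to the same token, a subject's rows stay linkable to each other for analytics while remaining unlinkable to the person without the key; rotating the key re-tokenises the whole dataset, so plan that as an offline batch job.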
Implementing TOMs with AWS Services – Data Encryption at rest
Implementing TOMs with AWS Services – Data Encryption: Key Management of Server-side Encryption
Implementing TOMs with AWS Services - Examples
Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.” (Article 32(1)(b)). AWS assurance programmes that evidence this for the AWS side of the shared responsibility model:
• SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3
• PCI DSS Level 1
• ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018
• NIST FIPS 140-2
• Cloud Computing Compliance Controls Catalogue (C5)
Built on AWS consistent baseline controls (AWS Global Infrastructure and AWS Foundation Services), customers add their own accreditation, certifications and external audits to meet their own security objectives. Customer scope and effort is reduced, and focused effort gives better results.
GDPR Code of Conduct
GDPR – Code of Conduct
CISPE Code (Cloud Infrastructure Service Providers in Europe)
The CISPE Code of Conduct:
• An effective, easily accessed framework for complying with the EU’s GDPR
• Excludes the re-use of customer data
• Enables data storage and processing exclusively within the EU
• Identifies cloud infrastructure services suitable for different types of data processing
• Helps citizens retain control of their personal and sensitive data
• AWS is CISPE certified
• CISPE Code of Conduct in evaluation by the Article 29 Working Party
AWS Marketplace: Your one stop shop for familiar tools
AWS Partner Network (APN) & GDPR
Consulting Partners: APN consulting partners can help your customers get ready for GDPR.
Technology Partners: APN technology partners offer security & identity solutions to help with GDPR.
AWS GDPR Center
Data Regulations in China
Data protection in China is managed under the “Cyber Security Law of the People’s Republic of China”:
• Adopted November 7, 2016
• Came into force on June 1, 2017
Data Regulations in China: Highlights
Article 40: Network operators shall ensure user
information they collect is kept confidential, and
shall set up and improve a user information
protection system.
Article 41: Network operators are required to
collect and use personal information in a legal and
proper manner.
Article 42: Network operators shall not disclose,
falsify, or damage personal information they collect.
Operators shall not provide such personal
information to others without consent of
information owners, except where processed
information cannot identify specific persons and
cannot be restored.
Article 43: When an individual finds a network operator
collects or uses his personal information in violation of
the provisions of laws and administrative regulations or
the agreement reached between both parties, he has the
right to require the network operator to delete his personal
information; when the personal information collected and
stored by the network operator contains errors, he has
the right to require the network operator to make corrections.
Recap: Data Protection – Shared Responsibility
Data Subjects → Customers as Controllers → AWS as Processor
Controllers and Processors have obligations under GDPR.
AWS provides assistance for your GDPR journey
• Tools and Services
• Compliance Framework
• Partner Network
• Data Protection Terms
Questions? Please type them in.
Thank you!

Introduzione a Amazon Elastic Container ServiceAmazon Web Services
 

More from Amazon Web Services (20)

Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
Come costruire servizi di Forecasting sfruttando algoritmi di ML e deep learn...
 
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
Big Data per le Startup: come creare applicazioni Big Data in modalità Server...
 
Esegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS FargateEsegui pod serverless con Amazon EKS e AWS Fargate
Esegui pod serverless con Amazon EKS e AWS Fargate
 
Costruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWSCostruire Applicazioni Moderne con AWS
Costruire Applicazioni Moderne con AWS
 
Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot Come spendere fino al 90% in meno con i container e le istanze spot
Come spendere fino al 90% in meno con i container e le istanze spot
 
Open banking as a service
Open banking as a serviceOpen banking as a service
Open banking as a service
 
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
Rendi unica l’offerta della tua startup sul mercato con i servizi Machine Lea...
 
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...OpsWorks Configuration Management: automatizza la gestione e i deployment del...
OpsWorks Configuration Management: automatizza la gestione e i deployment del...
 
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows WorkloadsMicrosoft Active Directory su AWS per supportare i tuoi Windows Workloads
Microsoft Active Directory su AWS per supportare i tuoi Windows Workloads
 
Computer Vision con AWS
Computer Vision con AWSComputer Vision con AWS
Computer Vision con AWS
 
Database Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatareDatabase Oracle e VMware Cloud on AWS i miti da sfatare
Database Oracle e VMware Cloud on AWS i miti da sfatare
 
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJSCrea la tua prima serverless ledger-based app con QLDB e NodeJS
Crea la tua prima serverless ledger-based app con QLDB e NodeJS
 
API moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e webAPI moderne real-time per applicazioni mobili e web
API moderne real-time per applicazioni mobili e web
 
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatareDatabase Oracle e VMware Cloud™ on AWS: i miti da sfatare
Database Oracle e VMware Cloud™ on AWS: i miti da sfatare
 
Tools for building your MVP on AWS
Tools for building your MVP on AWSTools for building your MVP on AWS
Tools for building your MVP on AWS
 
How to Build a Winning Pitch Deck
How to Build a Winning Pitch DeckHow to Build a Winning Pitch Deck
How to Build a Winning Pitch Deck
 
Building a web application without servers
Building a web application without serversBuilding a web application without servers
Building a web application without servers
 
Fundraising Essentials
Fundraising EssentialsFundraising Essentials
Fundraising Essentials
 
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
AWS_HK_StartupDay_Building Interactive websites while automating for efficien...
 
Introduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container ServiceIntroduzione a Amazon Elastic Container Service
Introduzione a Amazon Elastic Container Service
 

Navigating GDPR Compliance on AWS & Data Regulations in China

  • 1. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. AWS Webinar Navigating GDPR Compliance on AWS Iolaire McKinnon – Security, Risk & Compliance Amazon Web Services
  • 2. Sponsor
  • 3. What is the GDPR?
  • 4. What is the GDPR?
    • The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection Regulation
    • Introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance across the EU
    • The GDPR is enforceable May 25th, 2018 and it replaces the EU Data Protection Directive (Directive 95/46/EC)
    • In scope: Organisations established in the EU and Organisations without an EU presence who target or monitor EU individuals
  • 5. Content vs. Personal Data
    • Content = anything that a customer (or any end user) stores, or processes using AWS services, including: Software ǀ Data ǀ Text ǀ Audio ǀ Video
    • Personal Data = information from which a living individual may be identified or identifiable (under EU data protection law)
    • Customer’s “content” might include “personal data”
  • 6. What Else Comes With GDPR? Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilitates reuse.
  • 7. What Else Comes With GDPR? This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.
  • 8. What Else Comes With GDPR? This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.
  • 9. What Else Comes With GDPR? Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.
  • 10. How AWS can help customers achieve GDPR compliance
  • 11. Data Protection – A Shared Responsibility
  • 12. Data Protection – A Shared Responsibility: Data Subjects; Customers are Controllers; AWS as Processor. Controllers and Processors have obligations under GDPR.
  • 13. Data Protection – A Shared Responsibility: Data Subjects; Customer as Processor; AWS as Processor; Customer’s customer as Controller. Controllers and Processors have obligations under GDPR.
  • 14. GDPR is also a Shared Responsibility
    • Legal Compliance (both controllers and processors)
    • System Security and Data Protection by Design (both controllers and processors; AWS has tooling to help)
    • Records of Processing Activities (both controllers and processors; AWS has tooling to help)
    • Encryption (both controllers and processors; AWS has tooling to help)
    • Security of Personal Data (controller responsibility)
    • Managing Data Subject Consent (controller responsibility)
    • Managing Personal Data Deletion (both controllers and processors; AWS has tooling to help)
    • Managing Personal Data Portability (controller responsibility)
  • 15. GDPR in practice: implementing TOMs. Under GDPR Controllers and Processors are required to implement appropriate Technical and Organization Measures (“TOMs”) …
    (1) Pseudonymisation and encryption of personal data
    (2) Ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services
    (3) Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident
    (4) Process for regularly testing, assessing, and evaluating the effectiveness of TOMs
  • 16. AWS services already comply with the GDPR. AWS completed the entirety of our GDPR service readiness audit on March 26, 2018, validating that all generally available services and features adhere to the high privacy bar and data protection standards required of data processors by the GDPR. What does this mean to you? Customers can deploy AWS services as a key part of their GDPR compliance plans.
  • 17. Implementing TOMs - What AWS provides to you: Tools and Services; Compliance Framework; Partner Network; Data Protection Terms
  • 18. Implementing TOMs with AWS Services: ‘Security of processing’, ‘Data protection by design and default’, ‘Records of processing activities’. Services shown: AWS Storage Gateway, Amazon Virtual Private Cloud (VPC), Amazon API Gateway, AWS KMS, AWS CloudHSM, Amazon S3 Server-side Encryption, AWS Identity and Access Management, AWS CloudFormation, AWS WAF, Amazon CloudWatch, AWS CloudTrail, AWS Config
  • 19. Implementing TOMs with AWS Services - Examples. The controller “shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.” AWS Identity & Access Management; API-Request Authentication; Temporary Access Tokens
  • 20. Implementing TOMs with AWS Services: Data Access Control
  • 21. Implementing TOMs with AWS Services: Data Access Control
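The "only personal data which are necessary for each specific purpose" requirement on slides 19 to 21 translates, for an S3 store, into an IAM policy scoped to one prefix, one verb and TLS-only transport, attached to a role that hands out temporary credentials. The following is an added example (not from the deck, and not AWS's own tooling): a policy of that shape next to an over-broad one, and a small linter that flags the patterns a data-protection-by-default review would reject. The bucket name, the role's purpose (read-only processing of the `exports/` prefix) and the linting rules are this example's own assumptions.

```python
"""Least-privilege data access for a personal-data bucket: a scoped IAM policy and a linter.

Added example, not from the AWS deck. The bucket name, the role's purpose
(read-only processing of the "exports/" prefix) and the linting rules are
assumptions made for this example.
"""
import json

PII_BUCKET_ARN = "arn:aws:s3:::example-customer-pii"  # assumed bucket name

# Policy for a processing role that should read only what its purpose needs:
# one prefix, read-only, over TLS only. Attach it to a role (temporary
# credentials via STS) rather than to a long-lived IAM user.
PROCESSOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadExportsPrefix",
            "Effect": "Allow",
            "Action": ["s3:GetObject"],
            "Resource": [f"{PII_BUCKET_ARN}/exports/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        },
        {
            "Sid": "ListExportsPrefix",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": [PII_BUCKET_ARN],
            "Condition": {
                "Bool": {"aws:SecureTransport": "true"},
                "StringLike": {"s3:prefix": ["exports/*"]},
            },
        },
    ],
}

# An over-broad policy of the kind "data protection by default" rules out.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "Everything", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}
    ],
}


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _touches_pii_bucket(resources):
    """A wildcard resource reaches the personal-data bucket as well."""
    return any(r == "*" or r.startswith(PII_BUCKET_ARN) for r in resources)


def lint_policy(policy):
    """Return findings for Allow statements that grant more than the purpose needs."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid", "<no Sid>")
        actions = _as_list(st.get("Action", []))
        resources = _as_list(st.get("Resource", []))
        # "s3:*" and "*" both reduce to the verb "*"
        verbs = [a.split(":", 1)[-1] for a in actions]
        if "*" in verbs:
            findings.append(f"{sid}: wildcard action")
        if "*" in resources:
            findings.append(f"{sid}: wildcard resource")
        if _touches_pii_bucket(resources):
            if any(v == "*" or v.startswith(("Put", "Delete")) for v in verbs):
                findings.append(f"{sid}: write or delete on personal data")
            if "aws:SecureTransport" not in json.dumps(st.get("Condition", {})):
                findings.append(f"{sid}: no TLS-only condition on personal-data access")
    return findings


if __name__ == "__main__":
    for name, policy in (("processor", PROCESSOR_POLICY), ("broad", BROAD_POLICY)):
        print(name, lint_policy(policy) or "ok")
```

The linter is deliberately narrow: it catches wildcard verbs and resources, write access to the personal-data bucket and the absence of a TLS condition. It does not evaluate the full IAM policy language, so treat it as a pre-commit check rather than a substitute for IAM Access Analyzer or a policy simulation.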
  • 22. Implementing TOMs with AWS Services - Examples. GDPR Compliance Tools: “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” CloudTrail; Inspector; Macie; AWS Config
  • 23. Implementing TOMs with AWS Services: Monitoring of Access Activities – AWS CloudTrail
  • 24. Implementing TOMs with AWS Services: Monitoring of Access Activities – Amazon GuardDuty
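Slides 22 to 24 pair the "record of processing activities" obligation with CloudTrail as the source of who accessed what. The following is an added example (not from the deck, and not an AWS tool) of the two things a practitioner builds on top of S3 data events: a per-principal register of operations on a personal-data bucket, and a check that flags access from a principal outside the processing allow-list, from outside trusted networks, or that deletes or modifies personal data. The records are constructed inline in the shape of CloudTrail S3 data-event records (a subset of the real fields); the bucket name, account id, allow-listed role and trusted CIDR are assumptions.

```python
"""Register and monitor access to a personal-data S3 bucket from CloudTrail data events.

Added example, not from the AWS deck. SAMPLE_RECORDS are constructed in the
shape of CloudTrail S3 data-event records (a subset of the real fields); the
bucket name, account id, allow-listed role and trusted network are assumptions.
"""
import ipaddress
from collections import Counter, defaultdict

PERSONAL_DATA_BUCKET = "example-customer-pii"  # assumption
ALLOWED_PRINCIPAL_PREFIXES = (  # assumption: only this role may process the data
    "arn:aws:sts::111122223333:assumed-role/PiiProcessorRole/",
)
TRUSTED_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # assumption: VPC / office range


def _record(event_id, arn, event_name, ip, read_only, bucket=PERSONAL_DATA_BUCKET):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {
        "eventVersion": "1.08",
        "eventID": event_id,
        "eventTime": "2018-05-25T09:00:00Z",
        "eventSource": "s3.amazonaws.com",
        "eventName": event_name,
        "eventCategory": "Data",
        "readOnly": read_only,
        "sourceIPAddress": ip,
        "userIdentity": {"type": "AssumedRole" if ":sts:" in arn else "IAMUser", "arn": arn},
        "requestParameters": {"bucketName": bucket, "key": "exports/customers.csv"},
    }


ROLE = "arn:aws:sts::111122223333:assumed-role/PiiProcessorRole/batch-1"
CONTRACTOR = "arn:aws:iam::111122223333:user/contractor"

SAMPLE_RECORDS = [  # constructed
    _record("e1", ROLE, "GetObject", "10.1.2.3", True),               # routine processing
    _record("e2", CONTRACTOR, "GetObject", "203.0.113.7", True),      # unexpected principal and source
    _record("e3", ROLE, "DeleteObject", "10.1.2.3", False),           # deletion by the allowed role
    _record("e4", CONTRACTOR, "GetObject", "203.0.113.7", True, bucket="public-assets"),  # other bucket
]


def _bucket(record):
    return (record.get("requestParameters") or {}).get("bucketName")


def _trusted_source(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # e.g. a service name for AWS-service-originated calls
        return False
    return any(addr in net for net in TRUSTED_NETWORKS)


def evaluate(record):
    """Findings for one record; an empty list means routine, allow-listed access."""
    if _bucket(record) != PERSONAL_DATA_BUCKET:
        return []
    findings = []
    arn = record.get("userIdentity", {}).get("arn", "")
    if not arn.startswith(ALLOWED_PRINCIPAL_PREFIXES):
        findings.append("principal not allow-listed for personal-data processing")
    if not _trusted_source(record.get("sourceIPAddress", "")):
        findings.append("request from outside trusted networks")
    if not record.get("readOnly", False):  # a missing flag is treated as a write
        findings.append("write or delete of personal data")
    return findings


def processing_register(records):
    """Who did what to the personal-data bucket: {principal ARN: Counter(eventName)}."""
    register = defaultdict(Counter)
    for r in records:
        if _bucket(r) == PERSONAL_DATA_BUCKET:
            register[r["userIdentity"]["arn"]][r["eventName"]] += 1
    return dict(register)


def flagged_events(records):
    """(eventID, findings) for every record that needs a second look."""
    out = []
    for r in records:
        findings = evaluate(r)
        if findings:
            out.append((r["eventID"], findings))
    return out


if __name__ == "__main__":
    for principal, ops in processing_register(SAMPLE_RECORDS).items():
        print(principal, dict(ops))
    for event_id, findings in flagged_events(SAMPLE_RECORDS):
        print(event_id, "; ".join(findings))
```

In a real deployment the records would come from the CloudTrail files delivered to S3 or from a CloudWatch Logs subscription, and the allow-list and trusted networks would be loaded from configuration rather than constants. Note that S3 object-level (data) events are not in the default management-event trail and have to be enabled for the bucket.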
  • 25. Implementing TOMs with AWS Services - Examples. Organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.” Encryption of data at rest (EBS, S3, Glacier, RDS, etc.); Centralized Regional Key Management with AWS KMS; IPSec VPN to your AWS environment with Virtual Private Gateway; Dedicated HSM in the cloud with AWS CloudHSM
  • 26. Implementing TOMs with AWS Services: Data Encryption – at rest
  • 27. Implementing TOMs with AWS Services: Data Encryption – Key Management of Server-side Encryption
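Slides 25 to 27 list encryption at rest for EBS, S3, Glacier and RDS with keys managed centrally per region in AWS KMS. The operational question a controller or processor then has to answer continuously is whether every store that holds personal data actually meets that bar. The following is an added example (not from the deck, and not an AWS tool) of a policy check over an inventory of such stores: it reports stores with no encryption, stores using an algorithm other than KMS, keys in a different region than the store, and AWS-managed rather than customer-managed keys. The inventory records are a constructed, simplified shape of this example's own (not an AWS Config or API schema); resource ids, account id and key ARNs are placeholders, and the "same region, customer-managed" rule is this example's policy choice reflecting the slide's centralized regional key management.

```python
"""Check that stores holding personal data are encrypted at rest with customer-managed
KMS keys in the store's own region.

Added example, not from the AWS deck. INVENTORY is a constructed, simplified
record shape of this example's own (not an AWS Config or API schema); ids,
account number and key ARNs are placeholders.
"""

KEY_1 = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000001"
KEY_2 = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000002"
KEY_3 = "arn:aws:kms:eu-west-1:111122223333:key/00000000-0000-0000-0000-000000000003"

INVENTORY = [  # constructed sample of personal-data stores
    {"id": "example-customer-pii", "type": "s3-bucket", "region": "eu-west-1",
     "encryption": {"algorithm": "aws:kms", "kms_key_arn": KEY_1, "key_manager": "CUSTOMER"}},
    {"id": "vol-0pii0001", "type": "ebs-volume", "region": "eu-west-1",
     "encryption": None},
    {"id": "crm-db", "type": "rds-instance", "region": "eu-west-1",
     "encryption": {"algorithm": "aws:kms", "kms_key_arn": KEY_2, "key_manager": "CUSTOMER"}},
    {"id": "example-archive", "type": "s3-bucket", "region": "eu-west-1",
     "encryption": {"algorithm": "AES256"}},
    {"id": "example-uploads", "type": "s3-bucket", "region": "eu-west-1",
     "encryption": {"algorithm": "aws:kms", "kms_key_arn": KEY_3, "key_manager": "AWS"}},
]


def parse_key_arn(arn):
    """Split a KMS key or alias ARN into (region, account, resource); None if malformed."""
    parts = arn.split(":")
    if (len(parts) != 6 or parts[0] != "arn" or parts[2] != "kms"
            or not parts[5].startswith(("key/", "alias/"))):
        return None
    return parts[3], parts[4], parts[5]


def evaluate_store(store):
    """Findings for one store; an empty list means it meets the encryption policy."""
    enc = store.get("encryption")
    if not enc:
        return ["not encrypted at rest"]
    if enc.get("algorithm") != "aws:kms":
        return [f"encrypted with {enc.get('algorithm')}, not a KMS key under customer control"]
    parsed = parse_key_arn(enc.get("kms_key_arn", ""))
    if parsed is None:
        return ["malformed or missing KMS key ARN"]
    findings = []
    key_region, _, _ = parsed
    if key_region != store["region"]:
        findings.append(f"key lives in {key_region}, store in {store['region']}")
    if enc.get("key_manager") != "CUSTOMER":
        findings.append("AWS-managed key: key policy and rotation not under customer control")
    return findings


def evaluate_inventory(inventory):
    """Map store id -> findings for the whole inventory."""
    return {store["id"]: evaluate_store(store) for store in inventory}


if __name__ == "__main__":
    for store_id, findings in evaluate_inventory(INVENTORY).items():
        print(store_id, "; ".join(findings) or "ok")
```

The `key_manager` value mirrors the distinction KMS itself makes between customer-managed and AWS-managed keys; the point of insisting on the former is that the key policy, grants and rotation schedule are then the customer's to set and to audit, which is what a processor has to be able to show. Feeding the check from AWS Config resource snapshots instead of a hand-built inventory is the natural next step.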
  • 28. Implementing TOMs with AWS Services - Examples. Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.” SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3; PCI DSS Level 1; ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018; NIST FIPS 140-2; Common Cloud Computing Controls Catalogue (C5)
  • 29. GDPR Code of Conduct. AWS Foundation Services; AWS Global Infrastructure; Your own accreditation; Meet your own security objectives; Your own certifications; Your own external audits. Customer scope and effort is reduced; Better results through focused efforts; Built on AWS consistent baseline controls
  • 30. GDPR – Code of Conduct. CISPE Code (Cloud Infrastructure Service Providers in Europe). The CISPE Code of Conduct:
    • An effective, easily accessed framework for complying with the EU’s GDPR
    • Excludes the re-use of customer data
    • Enables data storage and processing exclusively within the EU
    • Identifies cloud infrastructure services suitable for different types of data processing
    • Helps citizens retain control of their personal and sensitive data
    • AWS CISPE certified
    • CISPE Code of Conduct in evaluation by Article 29 WP
  • 31. AWS Marketplace: Your one stop shop for familiar tools
  • 32. AWS Partner Network (APN) & GDPR. Consulting Partners: APN consulting partners can help your customers get ready for GDPR. Technology Partners: APN technology partners offer security & identity solutions to help with GDPR.
  • 33. AWS GDPR Center
  • 34. Data Regulations in China
  • 35. Data Regulations in China. Data Protection in China is managed under the “Cyber Security Law of the People’s Republic of China”
    • Adopted November 7, 2016
    • Came into force on June 1, 2017
  • 36. Data Regulations in China: Highlights. Article 40: Network operators shall ensure user information they collect is kept confidential, and shall set up and improve a user information protection system. Article 41: Network operators are required to collect and use personal information in a legal and proper manner.
  • 37. Data Regulations in China: Highlights. Article 42: Network operators shall not disclose, falsify, or damage personal information they collect. Operators shall not provide such personal information to others without consent of information owners, except where processed information cannot identify specific persons and cannot be restored.
  • 38. Data Regulations in China: Highlights. Article 43: When an individual finds a network operator collects or uses his personal information in violation of the provisions of laws and administrative regulations or the agreement reached between both parties, he has the right to require the network operator to delete his personal information; when the personal information collected and stored by the network operator contains errors, he has the right to require the network operator to make corrections.
  • 39. Recap: Data Protection - Shared Responsibility. Data Subjects; Customers are Controllers; AWS as Processor. Controllers and Processors have obligations under GDPR.
  • 40. AWS provides assistance for your GDPR journey: Tools and Services; Compliance Framework; Partner Network; Data Protection Terms
  • 41. Questions? Please type them in.
  • 42. Thank you!
  • 43. Remember to complete your evaluations!