5. GDPR – Individual Rights
Right to be
Informed
Right of
Access
Right of
Rectification
Right to
restrict
processing
Right of
data
portability
My Rights!
Right to
object
Rights in
relation to
automated
decision
making and
profiling
Right of
erasure
11. GDPR – Data classification
Personal Data Pseudonymised data Anonymised data
Under GDPR scope Mostly under GDPR scope Not under GDPR scope
Natural Living person
identity
Not possible to directly
identify. Process for re-
identification exists
Not Identifiable and no
process for re-
identification
Name, date of birth,
address
Foreign Key to Personal
data
Random identifier not
correlated to personal
data
18. What
How
18
GDPR – Systems Overview
With
What
Database Storage
Transactions
Analytics
Encryption
Pseudonymised
Backup
Archival
Key Management
Consent
Management
ComputeSecurity
Rights
Management
Personal Data
Management
Breach
Management
20. Consent
API GatewayCloudFront
distribution
AWS Simple Icons: Example
Amazon
Route 53
Managing Consent - Process
DynamoDB Data Flow
Map
Personal
Data
SNS
Step Function SNS
Decider Worker
ECS EC2 RDS
Data Subject
Regulators
ProcessorsController