AWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services

Similar documents
Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5

Getting Started with AWS Security

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Title: Planning AWS Platform Security Assessment?

SoftLayer Security and Compliance:

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

AWS SECURITY AND COMPLIANCE QUICK REFERENCE GUIDE

Security & Compliance in the AWS Cloud. Amazon Web Services

Our agenda. The basics

EU General Data Protection Regulation (GDPR) Achieving compliance

Google Cloud & the General Data Protection Regulation (GDPR)

INTRO TO AWS: SECURITY

SECURITY ON AWS 8/3/17. AWS Security Standards MORE. By Max Ellsberry

Data Processing Clauses

Mapping traditional security technologies to AWS Dave Walker Specialised Solutions Architect Security and Compliance Amazon Web Services UK Ltd

Prohire Software Systems Limited ("Prohire")

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

Security on AWS(overview) Bertram Dorn EMEA Specialized Solutions Architect Security and Compliance

Managing and Auditing Organizational Migration to the Cloud TELASA SECURITY

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

AWS Security. Stephen E. Schmidt, Directeur de la Sécurité

Twilio cloud communications SECURITY

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

Layer Security White Paper

Getting started with AWS security

Compliance and Security in a Cloud-First Era

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Embedding GDPR into the SDLC

Data Management and Security in the GDPR Era

Securing Microservices Containerized Security in AWS

DATA PROCESSING AGREEMENT

Secure Esri Solutions in the AWS Cloud. CJ Moses, AWS Deputy CISO

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

GDPR Compliance. Clauses

BHConsulting. Your trusted cybersecurity partner

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

The Role of the Data Protection Officer

SDL Privacy Policy Cloud Services

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

General Data Protection Regulation (GDPR)

Version 1/2018. GDPR Processor Security Controls

10 Considerations for a Cloud Procurement. March 2017

Getting started with AWS security

General Data Protection Regulation (GDPR) The impact of doing business in Asia

Introduction to AWS GoldBase

KantanMT.com. Security & Infra-Structure Overview

Manchester Metropolitan University Information Security Strategy

The GDPR Are you ready?

ngenius Products in a GDPR Compliant Environment

Mid-Atlantic CIO Forum

THE EU GENERAL DATA PROTECTION REGULATION CHECK POINT FOR EFFICIENT AND EFFECTIVE COMPLIANCE WELCOME TO THE FUTURE OF CYBER SECURITY

Oracle Data Cloud ( ODC ) Inbound Security Policies

DATA PROCESSING TERMS

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE

Knowing and Implementing the GDPR Part 3

Accelerating the HCLS Industry Through Cloud Computing

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Architecting for Greater Security in AWS

Data Processing Agreement

What is cloud computing? The enterprise is liable as data controller. Various forms of cloud computing. Data controller

Cloud security 2.0: Joko nyt pilveen voi luottaa?

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

The Cloud Changes Nothing and Everything! Amazon.com, Inc. and its affiliates. All rights reserved.

GDPR Update and ENISA guidelines

Magento Commerce Architecture and Security Model Last updated: Aug 2017

Unleash the Power of Secure, Real-Time Collaboration

Data Protection Policy

ARBOR DDoS PRODUCTS IN A GDPR COMPLIANT ENVIRONMENT. Guidelines and Frequently Asked Questions

Site Builder Privacy and Data Protection Policy

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

General Data Protection Regulation

CYBER SECURITY WHITEPAPER

Security Information & Policies

Magento GDPR Frequently Asked Questions

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Data Breaches and the EU GDPR

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Best Practices for Cloud Security at Scale. Phil Rodrigues Security Solutions Architect Amazon Web Services, ANZ

Data Protection and GDPR

ARTICLE 29 DATA PROTECTION WORKING PARTY

Security by Design Running Compliant workloads in AWS

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

LiveEngage Messaging Platform: Security Overview Document Version: 2.0 July 2017

Security: Michael South Americas Regional Leader, Public Sector Security & Compliance Business Acceleration

Whitepaper on EU Data Protection October 2014

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

Data Processing Agreement

General Data Protection Regulation

Altius IT Policy Collection Compliance and Standards Matrix

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

A Practical Look into GDPR for IT

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Crypto-Options on AWS. Bertram Dorn Specialized Solutions Architect Security/Compliance Network/Databases Amazon Web Services Germany GmbH

Cisco Webex Messenger

Leading Investment Management Software Firm Slashes Infrastructure Costs, Maximizes Application Availability ATTENTION. ALWAYS.

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

The Common Controls Framework BY ADOBE

Transcription:

AWS Webinar Navigating GDPR Compliance on AWS Christian Hesse Amazon Web Services

What is the GDPR?

What is the GDPR? The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection Regulation Introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance across the EU The GDPR is enforceable May 25th, 2018 and it replaces the EU Data Protection Directive (Directive 95/46/EC) Territorial scope: Organisations established in the EU and Organisations without an EU presence who target or monitor EU individuals

Content vs. Personal Data Content = anything that a customer (or any end user) stores, or processes using AWS services, including: Software ǀ Data ǀ Text ǀ Audio ǀ Video Personal Data = information from which a living individual may be identified or identifiable (under EU data protection law) Customer s content might include personal data

What Else Comes With GDPR? Individuals have the right to a copy of all the personal data that controllers have regarding him or her. It also must be provided in a way that facilitates reuse.

What Else Comes With GDPR? This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.

What Else Comes With GDPR? This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.

What Else Comes With GDPR? Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.

How AWS can help customers achieve GDPR compliance

Bringing it all together Data Subjects Customers are Controllers AWS as Processor Controllers and Processors have obligations under GDPR

Bringing it all together Data Subjects Customer s customer as Controller Customer as Processor AWS as Processor Controllers and Processors have obligations under GDPR

GDPR in practice: implementing TOMs Under GDPR Controllers and Processors are required to implement appropriate Technical and Organization Measures ( TOMs ) (1) Pseudonymisation and encryption of personal data (3) Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident (2) Ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services (4) Process for regularly testing, assessing, and evaluating the effectiveness of TOMs

What AWS provides Tools and Services Compliance Framework Partner Network Data Protection Terms

AWS Shared Responsibility Model Customers Client-side Data Encryption AWS Foundation Services Compute Storage Database Networking AWS Global Infrastructure Customer content Platform, Applications, Identity & Access Management Operating System, Network & Firewall Configuration Server-side Data Encryption Availability Zones Regions Network Traffic Protection Edge Locations Customers are responsible for their security and compliance IN the Cloud AWS is responsible for the security OF the Cloud

GDPR is also a shared responsibility Legal Compliance (both controllers and processors) System Security and Data Protection by Design (both controllers and processors; AWS has tooling to help) Records of Processing Activities (both controllers and processors; AWS has tooling to help) Encryption (both controllers and processors; AWS has have tooling to help) Managing Data Subject Consent (controller responsibility) Managing Personal Data Deletion (both controllers and processors; AWS has tooling to help) Managing Personal Data Portability (controller responsibility) Security of Personal Data (controller responsibility)

Navigating GDPR Compliance with AWS Services Data protection by design and default Security of processing Amazon Snowball Amazon API Gateway Amazon Virtual Private Cloud (VPC) AWS KMS AWS CloudHSM Records of processing activities Server-side Encryption AWS Identity and Access Management Active Directory Integration SAML Federation AWS Service Catalog AWS CloudTrail AWS Config 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

GDPR Compliance Tools The controller shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. Multi factor authentication API-Request Authentication Temporary Access Tokens

AWS & The GDPR Access Control 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

AWS & The GDPR Access Control 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

GDPR Compliance Tools Each controller and, where applicable, the controller s representative, shall maintain a record of processing activities under its responsibility. CloudTrail Inspector Macie AWS Config

AWS & The GDPR Monitoring and Logging 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

AWS & The GDPR Amazon GuardDuty 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

GDPR Compliance Tools Organizations must implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data. Encryption of your data at rest with AES256 (EBS/S3/Glacier/RDS) Centralized (by Region) managed Key-Management (KMS) IPsec tunnels into AWS with the VPN-Gateways Dedicated HSM modules in the cloud with CloudHSM

AWS & The GDPR Encryption 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

AWS & The GDPR Amazon Key Management Service (KMS) 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

GDPR Compliance Tools Appropriate technical and organizational measures may need to include the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services. SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3 PCI DSS Level 1 ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 FIPS 140-2 C5

Meet your own security objectives Customers Your own accreditation GDPR Code of Conducts Your own certifications Your own external audits Customer scope and effort is reduced Better results through focused efforts AWS Foundation Services AWS Global Infrastructure Built on AWS consistent baseline controls

GDPR Codes of Conduct CISPE Code (Cloud Infrastructure Service Providers in Europe) The CISPE Code of Conduct : An effective, easily accessed framework for complying with the EU s GDPR Excludes the re-use of customer data Enables data storage and processing exclusively within the EU Identifies cloud infrastructure services suitable for different types of data processing Helps citizens to retain control of their personal and sensitive data AWS CISPE certified CISPE Code of Conduct in evaluation by Article 29 WP

AWS Marketplace: One stop shop for familiar tools

AWS Partner Network (APN) & GDPR Consulting Partners APN consulting partners can help your customers get ready for GDPR. Technology Partners APN technology partners offer security & identity solutions to help with GDPR. /

ProServe Offering Development: Technical Solution supporting Privacy-by-Design SRC ProServe team is in discovery efforts to understand what our customers are seeking to learn with regard to GDPR. If you have anything you would like to share please reach out to the ProServe contacts below. Current activities underway include: Offering Development: Sales & Delivery Assets targeted for February (legal dependencies) Partner Development: Working with some of our Partners to build/create go to market information. Customer Engagement: Webinars are planned to support Venture Capital Business; if you are interested please reach out. Security Summit/Lofts: Will be present to at several events to support customers onsite

AWS & The GDPR 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved.

Thank You

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback