This content is part of the Essential Guide: GDPR compliance requirements and how to best fulfill them

AWS promises to be GDPR compliant by May 2018 deadline

Amazon promises all AWS cloud services will be GDPR compliant before enforcement of the new EU data privacy regulation starts in 2018, offers customers assistance.

Cloud giant Amazon Web Services announced that all of its services will be GDPR compliant when enforcement of the new EU privacy law begins on May 25, 2018.

Amazon Web Services, or AWS, is not the first cloud provider to announce it will be compliant with the EU's new General Data Privacy Regulation (GDPR); earlier this year Microsoft announced all of its cloud services would be GDPR compliant by the deadline.

"AWS welcomes the arrival of the GDPR. The new, robust requirements raise the bar for data protection, security, and compliance, and will push the industry to follow the most stringent controls, helping to make everyone more secure," wrote Stephen Schmidt, vice president of security engineering and CISO at Amazon Web Services, in a blog post. "I am happy to announce today that all AWS services will comply with the GDPR when it becomes enforceable on May 25, 2018."

Schmidt said that AWS will offer "a number of services and tools to enable you to build GDPR-compliant infrastructure on top of AWS," and detailed some of the tools and services that AWS will be offering its customers to help them become GDPR compliant.

As an entity providing data processing services, AWS announced the availability of a data processing agreement (DPA) through the account managers of AWS customers. Cloud customers need to have a valid DPA spelling out how cloud data processors like AWS comply with the new EU data privacy regulation in order to be GDPR compliant.

AWS welcomes the arrival of the GDPR.
Stephen Schmidtvice president of security engineering and CISO, Amazon Web Services

AWS also has "teams of compliance experts, data protection specialists, and security experts working with customers across Europe to answer their questions and help them prepare for running workloads in the AWS Cloud after the GDPR comes into force," Schmidt wrote.

AWS also touted updates to its EU Data Protection website, with special mention of AWS' membership in the Association of Cloud Infrastructure Services Providers in Europe (CISPE), which is an association of cloud infrastructure services providers operating in Europe, aiming to help cloud customers become GDPR compliant. AWS joined CISPE earlier this year, committing Amazon to CISPE's cloud "Code of Conduct" and positioning Amazon to provide GDPR compliant services to its customers. Schmidt wrote that a number of AWS services and tools, including Amazon EC2, Amazon S3 and AWS CloudTrail, are fully compliant with the CISPE's Code of Conduct.

Starting May 25, 2018, GDPR compliance will be mandatory for all businesses and organizations that collect or process personal data related to any EU person. The new rules prescribe more rigorous requirements on the collection and use of personal data, how data is removed after it is no longer needed, and granting individuals the right to delete their data. Penalties can be significant under GDPR; failure to comply can cost organizations in breach fines of up to 4% of their annual global turnover or 20 million euros -- whichever is greater.

Next Steps

Find out how Brexit affects GDPR compliance

Learn how the GDPR will affect you

Read about how the EU-U.S. Privacy Shield certification process is working

Dig Deeper on Compliance

Enterprise Desktop
Cloud Computing