At Amazon, security remains the highest priority. AWS continues to innovate and invest in a high bar for security and compliance across all global operations. Amazon’s industry-leading functionality provides the foundation for our long list of internationally recognized certifications and accreditations, demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Common Cloud Computing Controls Catalogue (C5). AWS continues to pursue certifications to assist customers.
Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services give partners the ability to implement their own security measures to enable their compliance with the GDPR, including specific measures such as:
Amazon AWS offers a GDPR-compliant Data Processing Addendum (DPA), enabling users to comply with GDPR contractual obligations.
The GDPR introduces adherence to a “code of conduct” as a mechanism for demonstrating sufficient guarantees with respect to the requirements that the GDPR places on data processors. In this context, we previously announced compliance with the CISPE Code of Conduct. The CISPE Code of Conduct provides partners and users with additional assurances regarding their ability to fully control their data in a safe, secure, and compliant environment when they use services from providers like AWS. More detail about the CISPE Code of Conduct can be found at: aws.amazon.com/compliance/cispe/