
Navigating GDPR Compliance on AWS

4,193 views


The General Data Protection Regulation (GDPR) becomes enforceable on May 25, 2018. Complying with GDPR can be challenging, but AWS can guide you through the process. This webinar is hosted by a GDPR compliance expert who will explain the automation mechanisms AWS offers its customers to help with their compliance programs. Specific GDPR articles will be matched to tooling, so knowledge of both will be helpful in understanding the material. A Q&A will follow.


Navigating GDPR Compliance on AWS

  1. AWS Webinar: Navigating GDPR Compliance on AWS. Christian Hesse, Amazon Web Services
  2. What is the GDPR?
  3. What is the GDPR? • The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection Regulation • Introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance across the EU • The GDPR is enforceable May 25th, 2018 and it replaces the EU Data Protection Directive (Directive 95/46/EC) • Territorial scope: organisations established in the EU and organisations without an EU presence who target or monitor EU individuals
  4. Content vs. Personal Data • Content = anything that a customer (or any end user) stores or processes using AWS services, including: Software | Data | Text | Audio | Video • Personal Data = information from which a living individual may be identified or identifiable (under EU data protection law) • Customer’s “content” might include “personal data”
  5. What Else Comes With GDPR? Individuals have the right to a copy of all the personal data that controllers have regarding them. It also must be provided in a way that facilitates reuse.
  6. What Else Comes With GDPR? This gives individuals the right to have certain personal data deleted so third parties can no longer trace them.
  7. What Else Comes With GDPR? This helps to facilitate the inclusion of policies, guidelines, and work instructions related to data protection in the earliest stages of projects including personal data.
  8. What Else Comes With GDPR? Controllers must report personal data breaches to the relevant supervisory authority within 72 hours. If there is a high risk to the rights and freedoms of data subjects, they must also notify the data subjects.
  9. How AWS can help customers achieve GDPR compliance
  10. Bringing it all together: Data Subjects • Customers are Controllers • AWS as Processor • Controllers and Processors have obligations under GDPR
  11. Bringing it all together: Data Subjects • Customer as Processor • AWS as Processor • Controllers and Processors have obligations under GDPR • Customer’s customer as Controller
  12. GDPR in practice: implementing TOMs. Under GDPR, Controllers and Processors are required to implement appropriate Technical and Organizational Measures (“TOMs”) … (1) Pseudonymisation and encryption of personal data (2) Ensure ongoing confidentiality, integrity, availability, and resilience of processing systems and services (3) Ability to restore availability and access to personal data in a timely manner in the event of a physical or technical incident (4) Process for regularly testing, assessing, and evaluating the effectiveness of TOMs
  13. What AWS provides: Tools and Services • Compliance Framework • Partner Network • Data Protection Terms
  14. AWS Shared Responsibility Model • Customers are responsible for their security and compliance IN the Cloud: Customer content; Platform, Applications, Identity & Access Management; Operating System, Network & Firewall Configuration; Client-side Data Encryption; Server-side Data Encryption; Network Traffic Protection • AWS is responsible for the security OF the Cloud: AWS Foundation Services (Compute, Storage, Database, Networking); AWS Global Infrastructure (Regions, Availability Zones, Edge Locations)
  15. GDPR is also a “shared responsibility” • Legal Compliance (both controllers and processors) • System Security and Data Protection by Design (both controllers and processors; AWS has tooling to help) • Records of Processing Activities (both controllers and processors; AWS has tooling to help) • Encryption (both controllers and processors; AWS has tooling to help) • Security of Personal Data (controller responsibility) • Managing Data Subject Consent (controller responsibility) • Managing Personal Data Deletion (both controllers and processors; AWS has tooling to help) • Managing Personal Data Portability (controller responsibility)
  16. © 2017, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Navigating GDPR Compliance with AWS Services • ‘Security of processing’ • ‘Data protection by design and default’ • ‘Records of processing activities’ • Amazon Snowball, Amazon Virtual Private Cloud (VPC), Amazon API Gateway, AWS KMS, AWS CloudHSM, Server-side Encryption, AWS Identity and Access Management, SAML Federation, Active Directory Integration, AWS Service Catalog, AWS CloudTrail, AWS Config
  17. GDPR Compliance Tools: The controller “shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.” • Multi factor authentication • API-Request Authentication • Temporary Access Tokens
  18. © 2018, Amazon Web Services, Inc. or Its Affiliates. All rights reserved. AWS & The GDPR: Access Control
  19. AWS & The GDPR: Access Control
  20. GDPR Compliance Tools: “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” • CloudTrail • Inspector • Macie • AWS Config
  21. AWS & The GDPR: Monitoring and Logging
  22. AWS & The GDPR: Amazon GuardDuty
  23. GDPR Compliance Tools: Organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.” • Encryption of your data at rest with AES256 (EBS/S3/Glacier/RDS) • Centralized (by Region) managed Key-Management (KMS) • IPsec tunnels into AWS with the VPN-Gateways • Dedicated HSM modules in the cloud with CloudHSM
  24. AWS & The GDPR: Encryption
  25. AWS & The GDPR: Amazon Key Management Service (KMS)
  26. GDPR Compliance Tools: Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.” • SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3 • PCI DSS Level 1 • ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 • FIPS 140-2 • C5
  27. AWS Foundation Services • AWS Global Infrastructure • Your own accreditation • Meet your own security objectives • Your own certifications • Your own external audits • Customer scope and effort is reduced • Better results through focused efforts • Built on AWS consistent baseline controls • Customers • GDPR Codes of Conduct
  28. GDPR – Codes of Conduct: CISPE Code (Cloud Infrastructure Service Providers in Europe). The CISPE Code of Conduct: • An effective, easily accessed framework for complying with the EU’s GDPR • Excludes the re-use of customer data • Enables data storage and processing exclusively within the EU • Identifies cloud infrastructure services suitable for different types of data processing • Helps citizens to retain control of their personal and sensitive data • AWS CISPE certified • CISPE Code of Conduct in evaluation by Article 29 WP
  29. AWS Marketplace: One stop shop for familiar tools
  30. AWS Partner Network (APN) & GDPR • Consulting Partners: APN consulting partners can help your customers get ready for GDPR. • Technology Partners: APN technology partners offer security & identity solutions to help with GDPR.
  31. ProServe Offering Development: Technical Solution supporting Privacy-by-Design • SRC ProServe team is in discovery efforts to understand what our customers are seeking to learn with regard to GDPR. If you have anything you would like to share please reach out to the ProServe contacts below. • Current activities underway include: • Offering Development: Sales & Delivery Assets targeted for February (legal dependencies) • Partner Development: Working with some of our Partners to build/create go to market information. • Customer Engagement: Webinars are planned to support Venture Capital Business; if you are interested please reach out. • Security Summit/Lofts: Will be present at several events to support customers onsite
  32. AWS & The GDPR
  33. Thank You
