AWS Security ChangesHomeSearch

AWS whitepapers documentation change

Service: whitepapers · 2026-04-16 · Documentation low

File: whitepapers/latest/navigating-gdpr-compliance/discovering-and-protecting-data-at-scale-with-amazon-macie.md

Summary

Updated whitepaper formatting, navigation links, and content corrections including fixing quote formatting, updating Amazon Macie service description, correcting grammatical errors, updating image references, and enhancing CloudWatch description.

Security assessment

The changes primarily involve formatting improvements, navigation updates, and minor content corrections. While the document discusses security features (Amazon Macie for data protection and CloudWatch for data masking), there is no evidence of addressing a specific security vulnerability or incident. The updates maintain existing security documentation about GDPR compliance and data protection mechanisms.

Diff

diff --git a/whitepapers/latest/navigating-gdpr-compliance/discovering-and-protecting-data-at-scale-with-amazon-macie.md b/whitepapers/latest/navigating-gdpr-compliance/discovering-and-protecting-data-at-scale-with-amazon-macie.md
index b49c19bb1..714a94acb 100644
--- a//whitepapers/latest/navigating-gdpr-compliance/discovering-and-protecting-data-at-scale-with-amazon-macie.md
+++ b//whitepapers/latest/navigating-gdpr-compliance/discovering-and-protecting-data-at-scale-with-amazon-macie.md
@@ -1 +1 @@
-[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#discovering-and-protecting-data-at-scale-with-amazon-macie "Open PDF")
+[View a markdown version of this page](discovering-and-protecting-data-at-scale-with-amazon-macie.md)
@@ -3 +3 @@
-[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](welcome.html)
+[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#discovering-and-protecting-data-at-scale-with-amazon-macie "Open PDF")
@@ -5 +5 @@
-This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.
+[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](navigating-gdpr-compliance-on-aws.html)
@@ -9 +9 @@ This whitepaper is for historical reference only. Some content might be outdated
-Article 32 of the GDPR states that “…the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: […]
+Article 32 of the GDPR states that “[…] the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: […] 
@@ -17 +17 @@ Article 32 of the GDPR states that “…the controller and the processor shall
-Having an ongoing data classification process is critical for adjusting security data processing to the nature of data. If your organization manages sensitive data, monitor where it resides, protect it properly, and provide evidence that you are enforcing data security and privacy as required to meet regulatory compliance requirements. To help the customer identify and protect their sensitive data at scale, AWS offers [Amazon Macie,](https://aws.amazon.com/macie/) a fully managed data security and data privacy service that uses pattern matching and machine learning models for detection of Personally Identifiable Information (PII) to discover and protect sensitive data stored in S3 buckets. Amazon Macie scans these buckets and provides a data categorization of them using managed data identifiers that are designed to detect several categories of sensitive data. Macie can [detect PII](https://docs.aws.amazon.com/macie/latest/user/managed-data-identifiers.html#managed-data-identifiers-pii) such as full name, email address, birth date, national identification number, taxpayer identification or reference number, and more. The customer can define custom data identifiers that reflect their organization’s particular scenarios (for example, customer account numbers or internal data classification).
+Having an ongoing data classification process is critical for adjusting security data processing to the nature of data. If your organization manages sensitive data, monitor where it resides, protect it properly, and provide evidence that you are enforcing data security and privacy as required to meet regulatory compliance requirements. To help the customer identify and protect their sensitive data at scale, AWS offers [Amazon Macie](https://aws.amazon.com/macie), a fully managed data security and data privacy service that uses pattern matching and machine learning models for detection of Personally Identifiable Information (PII) to discover and protect sensitive data stored in S3 buckets. Amazon Macie scans these buckets and provides a data categorization of them using managed data identifiers that are designed to detect several categories of sensitive data. Amazon Macie can detect PII such as full name, email address, birth date, national identification number, taxpayer identification or reference number, and more. The customer can define custom data identifiers that reflect their organization’s particular scenarios (for example, customer account numbers or internal data classification). 
@@ -19 +19 @@ Having an ongoing data classification process is critical for adjusting security
-Amazon Macie continually evaluates the object inside the buckets and automatically provides a summary of findings (Figure 4) for any unencrypted or publicly accessible data discovered that match with the defined data category. This data can include alerts for any unencrypted, publicly accessible objects or buckets shared with AWS accounts outside those you have defined in AWS Organizations. Amazon Macie is integrated with other AWS services, such as [AWS Security Hub CSPM](https://aws.amazon.com/security-hub), to generate actionable security findings and provide an automatic and reactive action to the finding (Figure 5). 
+Amazon Macie continually evaluates the objects inside the buckets and automatically provides a summary of findings (Figure 4) for any unencrypted or publicly accessible data discovered that match with the defined data category. This data can include alerts for any unencrypted, publicly accessible objects or buckets shared with AWS accounts outside those you have defined in AWS Organizations. Amazon Macie is integrated with other AWS services, such as [AWS Security Hub](https://aws.amazon.com/security-hub/), to generate actionable security findings and provide an automatic and reactive action to the finding (Figure 5). 
@@ -21 +21 @@ Amazon Macie continually evaluates the object inside the buckets and automatical
-![Macie findings dashboard showing sensitive data objects detected in various resources with high severity.](/images/whitepapers/latest/navigating-gdpr-compliance/images/gdpr_compliance5.png)
+![Macie findings dashboard showing sensitive data objects detected in various resources with high severity.](/images/whitepapers/latest/navigating-gdpr-compliance/images/macie-findings-dashboard.png)
@@ -25 +25 @@ _Figure 4 – Data inspections and finding example_
-In order to prevent sensitive data accidental disclosure, coming from log data in-transit such as credit card numbers or government ID’s logged by your systems, and applications, Amazon CloudWatch provides data [protection account level policy](https://docs.aws.amazon.com/AmazonCloudWatchLogs/latest/APIReference/API_PutAccountPolicy.html). Account level policies work in combination with log group level policies, allowing you to select patterns of sensitive log data to detect and protect broadly across all log groups in an AWS account. By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks according to the policy. 
+In order to prevent sensitive data accidental disclosure, coming from log data in-transit such as credit card numbers or government ID’s logged by your systems, and applications, [Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) provides data protection account level policy. Account level policies work in combination with log group level policies, allowing you to select patterns of sensitive log data to detect and protect broadly across all log groups in an AWS account. By default, when a user views a log event that includes masked data, the sensitive data is replaced by asterisks according to the policy. 
@@ -35 +35 @@ Collecting and Processing Logs
-Centralized Security Management
+Centralized Compliance and Security Management