AWS whitepapers documentation change
Summary
Updated GDPR compliance whitepaper with restructured table format, added new compliance areas (DPIA, DTIA, PII Data Discovery), updated navigation links, and removed historical reference note.
Security assessment
The changes enhance documentation about GDPR compliance measures and AWS security services but do not address a specific security vulnerability or incident. The updates provide more comprehensive guidance on data protection impact assessments, data transfer assessments, and PII discovery tools, which are security-related features.
Diff
diff --git a/whitepapers/latest/navigating-gdpr-compliance/how-aws-can-help.md b/whitepapers/latest/navigating-gdpr-compliance/how-aws-can-help.md index 1ec935f4f..6541331aa 100644 --- a//whitepapers/latest/navigating-gdpr-compliance/how-aws-can-help.md +++ b//whitepapers/latest/navigating-gdpr-compliance/how-aws-can-help.md @@ -1 +1 @@ -[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#how-aws-can-help "Open PDF") +[View a markdown version of this page](how-aws-can-help.md) @@ -3 +3 @@ -[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](welcome.html) +[](/pdfs/whitepapers/latest/navigating-gdpr-compliance/navigating-gdpr-compliance.pdf#how-aws-can-help "Open PDF") @@ -5 +5 @@ -This whitepaper is for historical reference only. Some content might be outdated and some links might not be available. +[Documentation](/index.html)[AWS Whitepapers](https://aws.amazon.com/whitepapers/)[AWS Whitepaper](navigating-gdpr-compliance-on-aws.html) @@ -9 +9 @@ This whitepaper is for historical reference only. Some content might be outdated - _Table 1 – How AWS can help you navigate GDPR compliance_ +**Table 1 – How AWS can help you navigate GDPR compliance** @@ -11 +11 @@ This whitepaper is for historical reference only. Some content might be outdated -**Area** | **Description******| **AWS Services and Tools****** +**Area** | **Description** | **AWS Services and Tools** @@ -13,23 +13,7 @@ This whitepaper is for historical reference only. Some content might be outdated -**Strong Compliance Framework** | Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.” | SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3 PCI DSS Level 1 ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 / ISO 27701 NIST FIPS 140-2 Common Cloud Computing Controls Catalog (C5) -**Data Access Control** | The controller “…shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data that are necessary for each specific purpose of the processing are processed.” | [AWS Identity and Access Management (IAM)](https://aws.amazon.com/iam/) -[Amazon Cognito](https://aws.amazon.com/cognito/) -[AWS Shield](https://aws.amazon.com/shield) and [AWS WAF](https://docs.aws.amazon.com/waf/latest/developerguide/what-is-aws-waf.html) -[AWS Resource Access Manager](https://aws.amazon.com/ram/) -[Amazon CloudFront](https://aws.amazon.com/cloudformation/) -[AWS Organizations](https://aws.amazon.com/organizations/) -[AWS CloudTrail](https://aws.amazon.com/cloudtrail/) -**Monitoring and Logging** | “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” “…the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk […]” | [AWS Config](https://aws.amazon.com/config) -[Amazon CloudWatch](https://aws.amazon.com/cloudwatch/) -[AWS Control Tower](https://aws.amazon.com/controltower/) -[Amazon GuardDuty](https://aws.amazon.com/guardduty/) -[Amazon Detective](https://aws.amazon.com/detective/) -[Amazon Inspector](https://aws.amazon.com/inspector/) -[Amazon Macie](https://aws.amazon.com/macie/) -[AWS Systems Manager](https://aws.amazon.com/systems-manager/) -[AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) -[Amazon Security Lake](https://aws.amazon.com/security-lake/) -[AWS Tools and SDKs](https://aws.amazon.com/getting-started/tools-sdks/) -**Protecting your Data on AWS** | Organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data.” | [AWS Certificate Manager](https://aws.amazon.com/certificate-manager/) -[AWS CloudHSM](https://aws.amazon.com/cloudhsm/) -[AWS Key Management Service](https://aws.amazon.com/kms/) -[AWS Nitro Systems](https://aws.amazon.com/ec2/nitro/) +Strong Compliance Framework | Appropriate technical and organizational measures may need to include “the ability to ensure the ongoing confidentiality, integrity, availability, and resilience of the processing systems and services.” | The framework is validated by following certifications and attestations:SOC 1 / SSAE 16 / ISAE 3402 (formerly SAS 70) / SOC 2 / SOC 3 PCI DSS Level 1 ISO 9001 / ISO 27001 / ISO 27017 / ISO 27018 / ISO 27701 NIST FIPS 140-2 Cloud Computing Compliance Criteria Catalog (C5) +Data Access Control | The controller “…shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.” | AWS Identity and Access Management (IAM) Amazon Cognito AWS Shield and AWS WAF AWS Resource Access ManagerAmazon CloudFrontAWS Organizations AWS CloudTrail +Monitoring, Logging and Records of Processing | “Each controller and, where applicable, the controller’s representative, shall maintain a record of processing activities under its responsibility.” “…the controller and the processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk […]” | AWS Config Amazon CloudWatch AWS Control Tower Amazon GuardDuty Amazon Detective Amazon Inspector Amazon Macie AWS Systems Manager AWS Security Hub AWS Security LakeAmazon Security LakeAWS Tools and SDKs +Protecting your Data on AWS | Organizations must “implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including […] the pseudonymization and encryption of personal data.” | AWS Certificate Manager AWS CloudHSM AWS Nitro Systems +Data Protection Impact Assessment (DPIA) | AWS provides services and resources that assist customers in completing their DPIA when using AWS services. The GPDR determines the customer is responsible for determining if a DPIA is required, for choosing an assessment methodology, and for performing the assessment. | AWS Service TermsAWS ArtifactAWS Compliance Programs +Data Transfer Impact Assessment (DTIA) | The Annex to this whitepaper provides more information for customers that want to perform an assessment on data transfers when using AWS services. | AWS Service TermsAWS Privacy FeaturesAWS Sub-Processors webpages +PII Data Discovery | Organizations must identify and classify personal data to implement appropriate protection measures and demonstrate GDPR compliance. AWS provides tools to automatically discover, classify, and monitor personal data across AWS services. | Amazon Macie for automated sensitive data discovery and classificationAWS Glue Data Catalog for data inventory and classificationAmazon EMR for large-scale data processing and analysisAWS CloudWatch Logs pattern matching for log analysis