How AWS Supports Customers and APN Partners on the Journey to GDPR Compliance
Since Amazon Web Services (AWS) has announced that all AWS services comply with the General Data Protection Regulation (GDPR), we wanted to explore some of the ways AWS can help you on your road to compliance.
The GDPR protects European Union data subjects’ fundamental right to privacy and the protection of personal data. It introduces robust requirements that will raise and harmonize standards for data protection, security, and compliance.
In this post, we will walk through the support AWS offers across our AWS Partner Network (APN), AWS Premium Support, and AWS Professional Services organizations. We will explain how these teams are working with customers and APN Partners in Europe and around the world to support them with questions related to GDPR and AWS.
AWS Partner Network, AWS Marketplace, and GDPR
Although customers can achieve GDPR compliance natively on AWS, they can also continue working with their existing Independent Software Vendor (ISV), Managed Service Provider (MSP), or Systems Integrator (SI) to become GDPR compliant in the cloud.
APN Partners often help customers reinforce their security posture by extending the AWS Shared Responsibility Model. Additionally, APN Partners provide industry-specific solutions in areas like security, storage, and networking that customers can use in concert with native AWS services as part of their GDPR journey.
We have added the ability for customers to search for “GDPR” in the AWS Partner Solutions Finder to help find ISVs, MSPs, and SI partners that have products and services to help with GDPR compliance. Customers can also search for “GDPR” solutions on AWS Marketplace.
APN Partner Solutions
Let’s look at three examples of the value AWS customers see in working with APN Partners on their GDPR journey.
First, ClearDATA is an APN Advanced Consulting and Public Sector Partner with AWS Competencies in both Healthcare and Life Sciences, and AWS Service Delivery designations in Amazon Aurora MySQL, Amazon DynamoDB, Amazon RDS for PostgreSQL, and AWS Lambda. ClearDATA has been working with customers of all sizes to reinforce their compliance posture. They released their Compliance Dashboard, C2, which is available on AWS Marketplace.
With C2, customers can get point-in-time visibility of how they have configured some of their AWS services, such as Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3), and Amazon Relational Database Service (Amazon RDS), and how that aligns with ClearDATA’s interpretation of technical controls pertaining to GDPR.
Figure 1 – ClearDATA’s Compliance Dashboard, C2, provides point-in-time visibility for how AWS services are configured.
Turbot is an APN Advanced Technology and Public Sector Partner with AWS Competencies in both Security and Life Sciences. With Turbot, customers get the ability to apply automated guardrails to ensure that whatever policies they wish to enforce remain in place. For example, if a customer interprets the GDPR to require encryption of all Amazon S3 buckets, they can quickly enforce this through Turbot guardrails.
Customers can also enforce data residency requirements by using Turbot to set approved regions. For example, if you create an Amazon S3 bucket in an unapproved region, Turbot can detect this API action and delete the S3 bucket.
Figure 2 – Turbot applies automated guardrails to ensure organizations’ existing policies remain in place throughout the GDPR journey.
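The region guardrail described above comes down to a check on S3 `CreateBucket` API events. The following is an added example, not Turbot's code or part of the original post: it evaluates constructed CloudTrail-style records against an assumed allowlist (`APPROVED_REGIONS`), and the function names are hypothetical.

```python
# Assumption: the organisation's approved data-residency regions.
APPROVED_REGIONS = {"eu-west-1", "eu-central-1"}
# Legacy LocationConstraint value that S3 accepts for eu-west-1.
LEGACY_ALIASES = {"EU": "eu-west-1"}


def bucket_region(record):
    """Region a CreateBucket call targets, read from a CloudTrail record."""
    params = record.get("requestParameters") or {}
    config = params.get("CreateBucketConfiguration") or {}
    constraint = config.get("LocationConstraint")
    if constraint:
        return LEGACY_ALIASES.get(constraint, constraint)
    # No LocationConstraint: fall back to the region that served the call.
    return record.get("awsRegion", "unknown")


def find_violations(records, approved=APPROVED_REGIONS):
    """Return findings for successful bucket creations outside `approved`."""
    findings = []
    for rec in records:
        if (rec.get("eventSource") != "s3.amazonaws.com"
                or rec.get("eventName") != "CreateBucket"):
            continue
        if rec.get("errorCode"):  # the call failed, so no bucket exists
            continue
        region = bucket_region(rec)
        if region not in approved:
            findings.append({
                "bucket": (rec.get("requestParameters") or {}).get("bucketName"),
                "region": region,
                "principal": (rec.get("userIdentity") or {}).get("arn"),
            })
    return findings


# Constructed sample records (not real account data).
SAMPLE = [
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "eu-west-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"},
     "requestParameters": {"bucketName": "crm-eu", "CreateBucketConfiguration": {"LocationConstraint": "eu-west-1"}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "us-east-1",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"bucketName": "analytics-us"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "eu-west-1",
     "requestParameters": {"bucketName": "legacy-eu", "CreateBucketConfiguration": {"LocationConstraint": "EU"}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CreateBucket", "awsRegion": "ap-southeast-2",
     "errorCode": "AccessDenied", "requestParameters": {"bucketName": "denied-apac"}},
]
```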
One final example is the Zaloni Data Platform (ZDP) from APN Advanced Technology Partner Zaloni, which holds the AWS Competency in Big Data. The Zaloni Data Platform is a data management, governance, and self-service software solution that delivers a production-ready data lake in just weeks.
The ZDP operationalizes data management and enables data governance for compliance with business and industry regulations such as GDPR. For business users, the ZDP delivers a self-service, enterprise-wide data catalog through which to discover and wrangle data sets, and derive transformational business insights using advanced analytics.
Figure 3 – The Zaloni Data Platform provides a central console from which to ingest, manage, and govern the data in your AWS data lake.
AWS Support and GDPR
AWS Premium Support works with customers and APN Partners to implement cloud best practices in order to assist compliance efforts, including GDPR. Cloud Support Engineers are trained to answer technical questions with best practices to help identify and mitigate compliance risks.
APN Partners or customers with AWS Enterprise Support can work with their Technical Account Manager (TAM) to identify risks and subsequent mitigations.
Two of the AWS programs you may find useful are:
- Cloud Operations Review – Available for AWS Enterprise Support customers, this program identifies gaps in the approach to operating in the cloud. Originating from a set of best practices distilled from our experience with a large set of representative customers, this review helps customers identify operational risks that are key in their journey to GDPR compliance. The program uses a four-pillared approach with a focus on preparing, monitoring, operating, and optimizing cloud-based systems in pursuit of operational excellence.
- Well-Architected Review – This program allows organizations to measure their architectures against AWS best practices and construct ones that are secure, reliable, high performance, and cost-effective. Well-Architected Reviews allow customers and APN Partners to understand where they have risks and to address them before applications are put into production.
You can find more information in the AWS Support Center, by using the contact details specified in the Enterprise Support Agreement entered into with AWS, or by visiting the AWS Premium Support page. Customers with Enterprise Support should reach out to their TAM with GDPR-related questions.
AWS Professional Services and GDPR
AWS Professional Services is running a number of activities to help customers and APN Partners on their journey to GDPR compliance. Professional Services consultants are helping answer GDPR questions by delivering private consulting sessions as well as public speaking engagements, webinars, and workshops at AWS Summits and AWS Pop-up Lofts.
The AWS Professional Services team is also working directly with customers and APN Partners to offer technical guidance around GDPR and implement data protection by design and by default, using AWS tools. More details on how our consultants are helping customers and APN Partners can be found on the AWS Professional Services page.
In addition to offering support through APN Partners, AWS Premium Support, and AWS Professional Services, we have a range of self-service options to help you on the journey to GDPR compliance. Visit the AWS GDPR Center to access a number of educational resources, including FAQs, videos, whitepapers, and guidance on how customers and APN Partners can prepare for GDPR compliance.
At AWS Summits and AWS Pop-up Lofts around the world, we will be hosting sessions dedicated to GDPR. We are also offering a series of online webinars—in multiple European languages—to supplement the in-person events.