AWS Security Blog

AWS Frankfurt Region Opens—AWS Highlights European Data Protection

With the AWS Frankfurt Region officially launched, we’d like to share European and data protection–specific information we’ve published to assist AWS customers who want to store content containing personal data. This information can be found in the newly released Whitepaper on EU Data Protection, a key resource available to customers who want to use AWS to store content containing personal data or who have concerns about meeting data protection requirements.

The target audience for this whitepaper is any AWS customer who operates with and stores sensitive, regulated, or personal data along with those who have concerns about their regulatory data protection requirements and how to potentially meet said requirements. The whitepaper describes how you can use AWS services in compliance with Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (also known as the “Directive”). 

We know the security of sensitive and regulated data is of paramount concern to you. In fact a recent study indicated it’s the most important factor as organizations consider moving or adding more of their workloads to the cloud. Specific questions considered in the Whitepaper on EU Data Protection are issues of data protection:

  • Will the content be secure?
  • Where will content be stored?
  • Who will have access to content?
  • What laws and regulations apply to the content and what is needed to comply with these?

In this whitepaper, we start with the AWS “Shared Responsibility” model with an emphasis on data security, outlining tools to be considered in a holistic data protection program (firewall configuration, encryption, access management). Our specific applicable regions are also described, and concerns over government access rights are addressed. Additionally, data protection principles such as “Data Retention,” “Lawful basis,” and “Purpose Limitation” are defined and outlined, providing education about protection summaries as well as AWS’s stance on each principle. Notification examples are also provided around “Data Breaches” and “Customer’s third-party service providers.”

You can use this whitepaper as a reference as you start your research on cloud security to enable data protection. You can also use this whitepaper if you’re simply looking to verify that you’re on the right track with your own privacy policies. Please feel free to reach out to us with any additional concerns or questions.

– Chad Woolf, Director, AWS Risk and Compliance

Additional Resources: