General Data Protection Regulation (GDPR) Center

GDPR compliance when using AWS services

The European Union’s General Data Protection Regulation (GDPR) protects European Union (EU) individuals’ fundamental right to privacy and the protection of personal data. The GDPR includes robust requirements that raise and harmonize standards for data protection, security, and compliance. Please review our GDPR FAQs below for more information.

AWS customers can use all AWS services to process personal data (as defined in the GDPR) that is uploaded to the AWS services under their AWS accounts (customer data) in compliance with the GDPR. In addition to our own compliance, AWS is committed to offering services and resources to our customers to help them comply with the GDPR requirements that may apply to their activities. New features are launched regularly, and AWS has 500+ features and services focused on security and compliance. For more information on what AWS is doing read our blog How AWS is helping EU customers navigate the new normal for data protection.

Customer control

Customers have control of their customer data. With AWS, customers can:

  • Determine where their customer data will be stored, including the type of storage and geographic region of that storage.
  • Choose the secured state of their customer data. We offer customers strong encryption for customer data in transit or at rest, and we provide customers with the option to manage their own encryption keys.
  • Manage access to their customer data and AWS services and resources through users, groups, permissions and credentials that customers control.
Learn more »

Transfers outside the European Economic Area (EEA)

AWS customers can continue to use AWS services to transfer customer data from the EEA to non-EEA countries that have not received an adequacy decision from the European Commission (including the United States) in compliance with the GDPR. At AWS, our highest priority is securing customer data, and we implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability, regardless of which AWS Region the customer has selected. We know that transparency matters to our customers. We list the AWS services that involve a data transfer of customer data on our Privacy Features webpage.

As the regulatory and legislative landscape evolves, we will always work to ensure that our customers can continue to enjoy the benefits of AWS services wherever they operate. Please see our customer update on the EU-US Privacy Shield and our blog posts on the Supplementary Addendum to the AWS GDPR Data Processing Addendum and the CISPE Data Protection Code of Conduct for additional information.

GDPR resources

Navigating GDPR Compliance on AWS
Download whitepaper »
What you need to know about Brexit and AWS
Learn more »
AWS Security Blog Posts on GDPR
Learn more »
Privacy Features of AWS Services
Learn more »

GDPR FAQs

Overview and GDPR basics


AWS and GDPR compliance following the Schrems II ruling and EDPB Recommendations


Technical and organizational measures


AWS and the UK GDPR


Contact


Have Questions? Connect with an AWS Business Representative
Exploring compliance roles?
Apply today »
Want AWS Compliance updates?
Follow us on Twitter »