Data Protection in Germany

Using the following options, AWS customers control content throughout its lifecycle, including content classification, access control, retention, and deletion:

• Define where the content is located, for example the type and geographic location of storage.
• Define the format of the content, for example: plain text, masked, anonymized, or encrypted.
• Use further access controls such as identity and access management and security credentials.

Standard Contractual Clauses are a set of standard provisions defined and approved by the European Commission that can be used to enable personal data to be transferred in a compliant way by a data controller to a data processor outside the European Economic Area.

The AWS Privacy Notice describes how we collect and use personal data that customers provide us in connection with the AWS website or marketing activities and products and services from AWS and its affiliated companies (e.g., the personal data that customers enter into our system when opening their AWS account). The Privacy Notice applies to this personal data but not to content that our customers store in our systems. AWS Services are designed so that customers have control over their content, including where and how their content is stored and who has access to it.

Yes. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all customers globally who require it to comply with the GDPR.