Data Protection in Germany
Data protection is a top priority at AWS. We provide services for hundreds of thousands of organizations, including enterprises, educational institutions, and government agencies in over 190 countries. Our customers, who entrust us with some of their most sensitive information, include financial service providers and healthcare providers.
AWS is designed so that customers can control where and how their content is stored and who has access to it.
Customers Maintain Control of their Content Upon Creation and Across Every AWS Service
Using the following options, AWS customers control content throughout its lifecycle, including content classification, access control, retention, and deletion:
• Define where the content is located, for example the type and geographic location of storage.
• Define the format of the content, for example: plain text, masked, anonymized, or encrypted.
• Use further access controls such as identity and access management and security credentials.
AWS and "Standard Contractual Clauses"
Standard Contractual Clauses are a set of standard provisions defined and approved by the European Commission that can be used to enable personal data to be transferred in a compliant way by a data controller to a data processor outside the European Economic Area.
Customer Control Over Personal Information
The AWS Privacy Notice describes how we collect and use personal data that customers provide us in connection with the AWS website or marketing activities and products and services from AWS and its affiliated companies (e.g., the personal data that customers enter into our system when opening their AWS account). The Privacy Notice applies to this personal data but not to content that our customers store in our systems. AWS Services are designed so that customers have control over their content, including where and how their content is stored and who has access to it.
Does the AWS Data Processing Agreement apply the Standard Contractual Clauses?
Yes. AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA) which includes the Standard Contractual Clauses to enable the transfer of data from outside of Europe. The AWS GDPR DPA is incorporated into the AWS Service Terms and applies automatically to all customers globally who require it to comply with the GDPR.