General Data Protection Regulation (GDPR) Center
GDPR compliance when using AWS services
Focuses
Customer control
Customers have control of their customer data. With AWS, customers can:
- Determine where their customer data will be stored, including the type of storage and geographic region of that storage.
- Choose the secured state of their customer data. We offer customers strong encryption for customer data in transit or at rest, and we provide customers with the option to manage their own encryption keys.
- Manage access to their customer data and AWS services and resources through users, groups, permissions and credentials that customers control.
Transfers outside the European Economic Area (EEA)
AWS customers can continue to use AWS services to transfer customer data from the EEA to non-EEA countries that have not received an adequacy decision from the European Commission (including the United States) in compliance with the GDPR. At AWS, our highest priority is securing customer data, and we implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability, regardless of which AWS Region the customer has selected. We know that transparency matters to our customers. We list the AWS services that involve a transfer of customer data on our Privacy Features webpage.
As the regulatory and legislative landscape evolves, we will always work to ensure that our customers can continue to enjoy the benefits of AWS services wherever they operate. Please see our customer update on the EU-US Privacy Shield and our blog posts on the Supplementary Addendum to the AWS Data Processing Addendum and the CISPE Data Protection Code of Conduct for additional information.