GDPR Aws Compliance Checklist - 0xffccdd/cloud-security-wiki GitHub Wiki

If you are an AWS customer, you are required to comply with the EU General Data Protection Regulation (GDPR) by May 25, 2018. The regulation sets out strict rules about how personal data must be collected, processed, and protected.

You can get a playbook on how to respond to security incidents in Cloud and Container environments here.

If you are not yet compliant, don’t panic! We’ll walk you through the steps you need to take to get started.

  1. Understand the GDPR requirements

The GDPR applies to any company that processes the personal data of EU citizens, regardless of where the company is located. Personal data includes any information that can be used to identify an individual, such as name, email address, or social media handle.

The GDPR requires companies to take a number of steps to protect personal data, including:

  - Obtaining explicit consent from individuals before collecting or processing their data
  - Providing clear and concise information about how data will be used
  - Implementing data security measures to protect data from unauthorized access or theft
  - Ensuring that individuals have the right to access their data and request changes or corrections

  2. Review your data collection and processing practices

The first step toward GDPR compliance is to review your data collection and processing practices. If you are collecting data without obtaining consent, or if you are not providing clear and concise information about how data will be used, you need to make changes.

  3. Update your privacy policy

If you are collecting data from EU citizens, you must update your privacy policy to include information about how you will comply with the GDPR. Your privacy policy must be clear and concise, and it must explain how individuals can access their data and request changes or corrections.

  4. Implement data security measures

The GDPR requires companies to implement data security measures to protect data from unauthorized access or theft. This includes physical security measures, such as locks and security cameras, and technical security measures, such as firewalls and encryption.

  5. Train your employees

Employees must be trained on how to protect personal data. This includes understanding the GDPR requirements and implementing the data security measures outlined in your data security plan.

  6. Review your contracts

If you are sharing personal data with third-party vendors, you must review your contracts to make sure that the vendors are GDPR compliant. The GDPR requires companies to take steps to ensure that third-party vendors protect personal data.

  7. Create an incident response plan

If your company experiences a data breach, you must have a plan in place to respond. The GDPR requires companies to notify individuals of a data breach within 72 hours of discovering it. Your incident response plan should include steps to prevent data breaches, steps to take when a breach occurs, and steps to mitigate the damage.

  8. Test your GDPR compliance

Once you have implemented the steps outlined above, you need to test your GDPR compliance. This includes testing your data security measures, your privacy policy, and your incident response plan.

The GDPR deadline is fast approaching, but it’s not too late to get compliant. By following the steps outlined in this blog, you can ensure that your company is in compliance with the GDPR.