Customers can therefore be comfortable that any customer data they transfer to third countries using AWS services has the same high level of protection that customer data receives in the EEA. The few customers that have signed an AWS GDPR DPA can continue to rely on that AWS GDPR DPA because the new SCCs in the AWS Service Terms replace the previous version of the SCCs. As part of the AWS Service Terms, the new SCCs will apply automatically whenever a customer uses AWS services to transfer customer data to third countries. The AWS Service Terms include the SCCs adopted by the European Commission (EC) in June 2021, and the AWS GDPR DPA confirms that the SCCs will apply automatically whenever an AWS customer uses AWS services to transfer customer data to countries outside of the European Economic Area that have not received an adequacy decision from the EC (third countries). What are the Standard Contractual Clauses (SCCs)?.Please see the AWS Privacy Notice for details on how AWS processes personal data as a controller. email addresses provided during the account registration) for account registration, administration, services access, or contact information for the AWS account to provide assistance through customer support activities – it acts as a data controller. AWS as a data controller – When AWS collects personal data and determines the purposes and means of processing that personal data – for example, when AWS stores account information (e.g.The AWS GDPR DPA, which includes Standard Contractual Clauses, is part of the AWS Service Terms and is automatically available for all customers who require this to comply with the GDPR. AWS offers a GDPR-compliant AWS GDPR Data Processing Addendum (AWS GDPR DPA) that incorporates AWS’s commitments as data processor. Under these circumstances, the customer may act as a data controller or data processor itself, and AWS acts as a data processor or sub-processor. Customers can use the controls available in AWS services, including security configuration controls, for the handling of personal data. AWS as a data processor – When customers use AWS services to process personal data in the content they upload to the AWS services, AWS acts as a data processor.
AVG CLEAR PRIVACY PROTECTION PASSWORD UPDATE
Please see our customer update on the EU-US Privacy Shield and our blog posts on the Supplementary Addendum to the AWS GDPR Data Processing Addendum and the CISPE Data Protection Code of Conduct for additional information.ĪWS acts as both a data processor and a data controller under the GDPR. We list the AWS services that involve a data transfer of customer data on our Privacy Features webpage.Īs the regulatory and legislative landscape evolves, we will always work to ensure that our customers can continue to enjoy the benefits of AWS services wherever they operate. At AWS, our highest priority is securing customer data, and we implement rigorous technical and organizational measures to protect its confidentiality, integrity, and availability, regardless of which AWS Region the customer has selected. We know that transparency matters to our customers. AWS customers can continue to use AWS services to transfer customer data from the EEA to non-EEA countries that have not received an adequacy decision from the European Commission (including the United States) in compliance with the GDPR.
0 kommentar(er)
