International Data Spaces Facilitator | Personal Opinion
Data Protection Impact Assessment – AWS. Big credits to Sjoera Nas. See https://lnkd.in/eikw-7E8.

Commissioned by the strategic vendor management for Microsoft, Google and Amazon Web Services at the central Dutch government (SLM Rijk), Privacy Company and Sjoera Nas investigated the data protection and data transfer risks of the use of three key cloud services from Amazon Web Services Inc.

The outcome of this Data Protection Impact Assessment (DPIA) is that there are no more known high risks if Dutch government organisations follow the recommended mitigating measures in this DPIA. As a result of the negotiations between SLM Rijk and AWS, AWS has taken organisational and contractual measures to mitigate 7 previously identified high data protection risks. To mitigate the high risks of data transfer to the United States, government organisations can encrypt special or very sensitive personal data with a self-managed key, and pseudonymise the admin account data. The transfer risks are described separately in a Data Transfer Impact Assessment (DTIA).

AWS services

AWS provides many different cloud services, as infrastructure, as platform and as software. The DPIA assesses the risks of the use of Amazon Elastic Compute Cloud (Amazon EC2), Amazon Simple Storage Service (Amazon S3) and Amazon Relational Database Service (Amazon RDS, in this case with a MySQL database). The report distinguishes between 5 categories of personal data processed by AWS:

1. Content Data (customer uploaded Content Data in the VMs and storage spaces)
2. Account Data (including Contact Data)
3. Diagnostic Data (including Configuration and Security Data)
4. Support Data
5. Website Data (the restricted access Admin Console)

AWS data processor for most personal data

AWS contractually qualifies as data processor for the personal data in the Content Data, Account, Diagnostic, Support and restricted access Website Data. https://lnkd.in/eJudtKJh.