For those that have already implemented a high bar for compliance, security, and data privacy, the move to GDPR should be simple. For those who are yet to start their journey to GDPR compliance, we urge you to start reviewing your security, compliance, and data protection processes now to ensure a smooth transition in May 2018. Here are some of the key points that you should consider for GDPR compliance:
- Territorial Reach: Determining whether the GDPR applies to an organisation’s activities is essential to ensuring that organisation's ability to satisfy its compliance obligations. The GDPR applies to all organisations that are established in the EU. However, depending on your activities, the GDPR may also apply to you if you are established outside the EU.
- Data Subject Rights: The GDPR enhances the rights of data subjects in a number of ways. For example, data subjects have the right to object to the processing of their data and they have the right to data portability. You will need to make sure you can accommodate the rights of data subjects if you are processing their personal data.
- Data Breach Notifications: If you are a data controller, you will need to report data breaches to the data protection authorities without undue delay. Using AWS gives you control over how you want to process personal data and protect it. This gives you the ability to monitor your own environment for privacy breaches and to notify regulators and affected individuals as required under the GDPR. In addition, AWS will notify you without undue delay if we are aware of a breach of our security standards relating to the AWS network.
- Data Protection Officer (DPO): You may need to appoint a DPO who will need to manage data security and other issues relating to the processing of personal data.
- Data Protection Impact Assessment (DPIA): You may need to conduct, and in some circumstances you may be required to file with the supervisory authority, a DPIA for your processing activities. This will need to identify your data handling procedures and processes, as well as the controls in place to protect personal data.
- Data Processing Agreement (DPA): You may need a DPA that will meet the requirements of the GDPR particularly if personal data is transferred outside the EEA. AWS offers customers a GDPR DPA that is available on request to help customers prepare for next May.
- AWS offers a wide range of services and specific service features that help customers meet the requirements of the GDPR, including services for access controls, monitoring, logging, and encryption. More information on these can be found in the section above, "What services does AWS offer customers to help them comply with the GDPR?"
We also have teams of compliance, data protection, and security experts, as well as AWS Partner Network Partners, working with customers across Europe to answer their questions and help them prepare for running workloads in the cloud after the GDPR becomes enforceable. For additional information on this, please contact your AWS Account Manager.
