This workshop is designed to support customers who apply due diligence and discovery efforts around data privacy regulations and compliance frameworks. We provide an introductory overview of AWS and data privacy. We also discuss the AWS shared responsibility model and where data can live in AWS environments. Finally, we give an overview of the available AWS services and features that support data privacy compliance.

1. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Privacy by design on AWS
Jonathan Jenkyn
Senior Consultant, Security
AWS Professional Services, GFS
F N D 2 0 2 - R
Tomas Clemente Sanchez
Senior Consultant, Security
AWS Professional Services, GFS

2. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Agenda
AWS approach to privacy
Building a data protection impact assessment (DPIA)
Fabricated case study
Review DPIA with focus on AWS services

3. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Related breakouts
Tuesday, June 25
SEP208 - Designing for data privacy on AWS
1:00 PM – 2:00 PM | Level 2, Room 207
Tuesday, June 25
SEP204 - Privacy, ethics, and engineering in emerging technology
2:30 PM – 3:30 PM | Level 0, Hall B2, Yellow
Wednesday, June 26
GRC324-R & GRC324-R1 - Use AWS Config rules to satisfy your compliance needs
2:45 PM – 3:45 PM | Level 1, Room 154
5:00 PM – 6:00 PM | Level 2, Room 207

4. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

5. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Shared Responsibility Model

6. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Privacy standards and
regulations
AWS delivers services to millions of
active customers in over 190
countries

7. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
What AWS provides
Terms and conditions
Transparency
Compliance/security tools and services
Amazon Partner Network and AWS Marketplace
Deep industry expertise
Independent audit and attestation

8. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
AWS Professional Services approach
Discover
Assess
Implement

9. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

10. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
OECD privacy framework
• Collection limitation
• Data quality
• Purpose specification
• Use limitation
• Security safeguards
• Openness
• Individual participation
• Accountability

11. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
"John Stiles"
"J Stiles"
"123, Any Street, Any Town, USA"
"203.0.113.35"
"j.stiles@amazon.com"
"555-0158"
"PHPSESSID=68fc543de45f67ba"
"876567898765"
Discovery: What does personal data look like in my
solution?

12. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Discovery: Review architecture documentation
Ingress
•Collection limitation
•Data quality
•Security
Processing
•Use limitation
•Purpose specification
•Individual participation
•Openness
•Accountability
Egress
•Security safeguards
•Use limitation
•Purpose specification

13. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

14. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Wild Rydes
Unicorn taxi business wants to
integrate with:
• HulaCorn – Unicorn food delivery
• Hypno Hotels – Hotel chain
• Schrödinger Parcel Services –
Luggage management
• Stars & Swipes – Customer food-
delivery service

15. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Wild Rydes architecture

16. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
HulaCorn: Discover
(worked example)
Delivery of unicorn treats and food,
integrated with Wild Rydes
For each OECD principle, consider
the integration requirements

17. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

18. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

19. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Assess: Which AWS tools help manage my risk?
AWS Identity and
Access
Management
(IAM)
SAML
token
Amazon Cloud
Directory
Identity & access management
AWS
CloudTrail
AWS
Config
Amazon
CloudWatch
Monitoring & logging
AWS
KMS
AWS
CloudHSM
AWS
Certificate
Manager (ACM)
Encryption
Amazon
GuardDuty
Amazon
Macie
Amazon Inspector
Security & compliance

20. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Assess: User story security control definitions
As a <role>
I want <behavior>
so that <outcome>
Example:
As an FND202 participant
I want to engage in practical exercises around privacy by design on AWS
so that I fully understand the learning and am able to reuse it in my own work.

21. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
HulaCorn: Assess (worked
example)
For each identified risk,
recommend controls to mitigate
Responsive Detective
Directive Preventive
CAF security
perspective

22. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

23. © 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.

24. Thank you!
© 2019,Amazon Web Services, Inc. or its affiliates. All rights reserved.
Jonathan Jenkyn
jjenkyn@amazon.co.uk
Tomas Clemente Sanchez
tomascle@amazon.es