All AWS services are GDPR compliant.
Access your solution from anywhere, anytime, on any device. All you need is Internet access.
Corporater SaaS solutions are delivered and deployed on Amazon Web Services (AWS) secure, scalable cloud infrastructure.
Compliant DPA
AWS offers a GDPR-compliant Data Processing Addendum (DPA), enabling us to comply with GDPR contractual obligations.
Security of Personal Data
AWS has a long list of internationally recognized certifications and accreditations demonstrating compliance with rigorous international standards, such as ISO 27001 for technical measures, ISO 27017 for cloud security, ISO 27018 for cloud privacy, SOC 1, SOC 2 and SOC 3, PCI DSS Level 1, and EU-specific certifications such as BSI’s Cloud Computing Compliance Controls Catalogue (C5).
Additional Resources
AWS has teams of compliance, data protection, and security experts, as well as the APN, helping customers across Europe prepare for running regulated workloads in the cloud as the GDPR becomes enforceable.
Compliance-enabling Services and GDPR
Many requirements under the GDPR focus on ensuring effective control and protection of personal data. AWS services give us the capability to implement our own security measures in order to enable our compliance with the GDPR, including specific measures such as:
This is an advanced set of security and compliance services that are designed specifically to handle the requirements of the GDPR.
Additionally, AWS has published a whitepaper, “Navigating GDPR Compliance on AWS,” dedicated to this topic. This paper details how to tie GDPR concepts to specific AWS services, including those relating to monitoring, data access, and key management. Furthermore, the AWS GDPR Center gives access to the up-to-date resources we need to tackle the requirements that directly support our GDPR efforts.
Corporater Performance Management software SRL (SaaS) is ISO 27001 certified, and as such has a rigorous information security management system (ISMS) in place, which serves as a framework of policies and procedures that includes all legal, physical and technical controls involved in our information risk management processes.
ISO 27001 verifies that Corporater SaaS meets high standards of risk management and security controls to keep its customers’ information assets secure.
Corporater Privacy Standards
Corporater takes privacy seriously and has all the relevant policies and procedures in place to make sure that it complies with the obligations found in the GDPR and the DPA.
Our Global Data Protection Policy and Global Operational Procedures address, among other GDPR requirements, the matter of data security in accordance with Article 32. These documents are supplemented by our more general Information Security Policies and procedures.
This ensures that Corporater has the technical and organisational security measures in place to protect all personal data within the processing systems. These security measures are appropriate to the risks of varying likelihood and severity for the rights and freedoms of individuals associated with the processing of personal data within the processing systems and, in particular, with the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to those personal data.
In assessing what security measures are appropriate, we take into account security best practices, and the nature, scope, context and purposes of the processing to be carried out by the processing system.
Where appropriate, they will include pseudonymisation and encryption of personal data, the ability to ensure the ongoing confidentiality, integrity, availability and resilience of the processing system, the ability to restore the availability of, and access to, personal data in a timely manner in the event of a physical or technical incident and a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing system.
Corporater follows data security measures that guarantee a protection level appropriate to the risk concerning confidentiality, integrity, availability and resilience of the Corporater SaaS system.
Corporater has policies and instructions with technical and organisational safeguards for the proper development of software or systems, including middleware, databases, operating systems and network components and all other parts.
The policies and instructions describe, as a minimum, the following aspects:
Security in software development methods in compliance with security standards established in the industry (e.g. OWASP for web applications and the OWASP Secure Coding Practices Checklist). At least the following aspects must be addressed: secure (encrypted) device communication, secure end-user communication and user management, secure Web-Browser
Security of the development environment (e.g. separate development/test/production environments)
Security in version control
Corporater uses Veracode as its designated third party for security audits. This includes:
Continuous automated static scans of source code as a regular part of the Software Development Life Cycle
Manual penetration tests scheduled and conducted by Veracode
Security and vulnerability mitigation consulting