GDPR / DSGVO AWS Compliance Check
European data protection rules, mandatory for every company in the EU. 59 checks.
Framework overview
GDPR / DSGVO
The General Data Protection Regulation (GDPR) governs how organizations handle personal data of EU citizens. On AWS, compliance means encrypting data at rest and in transit, logging access, minimizing data collection, implementing deletion workflows, and maintaining documented processing agreements. Violations carry fines of up to 4% of annual global revenue.
Who needs this
Relevant for
Every company processing personal data of EU citizens
What the scan checks
Example check areas
Data encryption, access logging, data minimization, deletion concepts, data processing agreements
Frequently asked questions
How does GDPR apply to AWS infrastructure?
GDPR requires you to protect personal data of EU citizens wherever it is processed. On AWS, that translates to encryption at rest and in transit, access logging, data minimization, automated deletion workflows, and a documented Data Processing Agreement with AWS.
What does the GDPR compliance scan check?
59 controls focused on the technical side: encryption settings, access logging configuration, data retention policies, and processing agreement indicators. The scan identifies AWS misconfigurations that could expose you to GDPR violations.
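To show what a technical control of this kind looks like in practice, here is an added illustration (not the scanner's own code) of three checks on S3 bucket configuration: default encryption at rest, server access logging, and a lifecycle expiration rule as a retention limit. The dicts are constructed sample data shaped like boto3 responses for get_bucket_encryption, get_bucket_logging and get_bucket_lifecycle_configuration; nothing is fetched from AWS, and the bucket names and the 365-day retention threshold are assumptions for the example.

```python
"""Offline illustration of technical GDPR-style checks on AWS S3 configuration.

Added example, not the product's own code. SAMPLE_BUCKETS is constructed data
shaped like boto3 responses; a missing configuration (boto3 would raise a
ClientError for get_bucket_encryption on an unencrypted bucket) is modeled as None.
"""
from dataclasses import dataclass


@dataclass
class Finding:
    bucket: str
    control: str
    severity: str
    detail: str


def check_encryption(name, enc):
    """Data at rest: the bucket must apply SSE by default (AES256 or aws:kms)."""
    rules = (enc or {}).get("ServerSideEncryptionConfiguration", {}).get("Rules", [])
    algos = {r.get("ApplyServerSideEncryptionByDefault", {}).get("SSEAlgorithm") for r in rules}
    if not algos & {"AES256", "aws:kms"}:
        return Finding(name, "encryption-at-rest", "high", "no default server-side encryption configured")
    return None


def check_access_logging(name, logging_cfg):
    """Access logging: get_bucket_logging returns a LoggingEnabled key only when it is on."""
    if "LoggingEnabled" not in (logging_cfg or {}):
        return Finding(name, "access-logging", "medium", "server access logging disabled")
    return None


def check_retention(name, lifecycle, max_days):
    """Storage limitation: at least one enabled rule must expire objects within max_days."""
    for rule in (lifecycle or {}).get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        days = rule.get("Expiration", {}).get("Days")
        if isinstance(days, int) and days <= max_days:
            return None
    return Finding(name, "retention", "medium", f"no enabled expiration rule within {max_days} days")


def scan_bucket(name, cfg, max_retention_days=365):
    """Run all three checks on one bucket and return only the failures."""
    results = [
        check_encryption(name, cfg.get("encryption")),
        check_access_logging(name, cfg.get("logging")),
        check_retention(name, cfg.get("lifecycle"), max_retention_days),
    ]
    return [f for f in results if f is not None]


def scan_all(buckets, max_retention_days=365):
    """Map bucket name -> list of Findings across a constructed inventory."""
    return {name: scan_bucket(name, cfg, max_retention_days) for name, cfg in buckets.items()}


# Constructed sample inventory (assumed bucket names, not real accounts).
SAMPLE_BUCKETS = {
    # Nothing configured: fails all three controls.
    "customer-uploads": {"encryption": None, "logging": {}, "lifecycle": None},
    # KMS encryption, logging on, objects expire after 90 days: passes.
    "crm-exports-eu": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms",
                                                    "KMSMasterKeyID": "alias/example-key"}}]}},
        "logging": {"LoggingEnabled": {"TargetBucket": "audit-logs-eu", "TargetPrefix": "crm/"}},
        "lifecycle": {"Rules": [{"ID": "expire-90", "Status": "Enabled",
                                 "Filter": {}, "Expiration": {"Days": 90}}]},
    },
    # Encrypted and logged, but retention of 730 days exceeds the 365-day threshold.
    "analytics-raw": {
        "encryption": {"ServerSideEncryptionConfiguration": {"Rules": [
            {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]}},
        "logging": {"LoggingEnabled": {"TargetBucket": "audit-logs-eu", "TargetPrefix": "analytics/"}},
        "lifecycle": {"Rules": [{"ID": "expire-730", "Status": "Enabled",
                                 "Filter": {}, "Expiration": {"Days": 730}}]},
    },
}


if __name__ == "__main__":
    for bucket, findings in scan_all(SAMPLE_BUCKETS).items():
        status = "OK" if not findings else f"{len(findings)} finding(s)"
        print(f"{bucket}: {status}")
        for f in findings:
            print(f"  [{f.severity}] {f.control}: {f.detail}")
```

The retention threshold is a policy input rather than something AWS can decide for you: the scan can only confirm that an expiration rule exists and that its number of days is within whatever limit the organization has documented for that data category.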
Does the scan cover all GDPR requirements?
It covers the technical infrastructure requirements verifiable through AWS configuration. Organizational measures like privacy policies, consent management, and appointing a Data Protection Officer fall outside the scope of an automated scan and require separate assessment.