Hybrid Architectures to Address Personal Data Processing Requirements

This whitepaper is for historical reference only. Some content might be outdated and some links might not be available.


Publication date: August 2, 2023 (Document history)

This document was created to assist customers that have a presence or business in countries which have no AWS infrastructure (AWS Region) to develop hybrid cloud architectures by using the reference architecture diagrams provided in this whitepaper. These architectures can be used as building blocks in cases where customers decide to use AWS as a hybrid platform. The architectures can work independently, or integrate with other solutions and AWS services using existing data flows or APIs.

Introduction

Personal data processing requirements, applied in most countries around the globe, set up rules related to the processing of data involving an identified or identifiable natural (living) person. Most requirements set up data collection, hosting, transfer, or processing rules, bounded by country borders. If a cloud provider has no local infrastructure in a given country, customer workloads that are subject to personal data processing requirements are blocked from using cloud infrastructure. A possible solution is a hybrid architecture, which addresses the requirements by hosting sensitive data on country-based infrastructure and using cloud infrastructure for other workloads.

This document can be used by customers in most Regions to address personal data processing requirements. Some Regions, such as CEE, Africa, and Asia, have similar requirements to what is considered in the document. Requirements for some Regions would necessitate a re-design of the proposed architectures. It is the customer’s responsibility to address any data protection requirements for their country or Region.

Note

AWS Outposts is not available in some countries as of March 2023.

Disclaimer: In this document, AWS provides patterns, or concepts, of architectures. These patterns don’t address all possible requirements and should be considered as examples. You may need to redesign these architectures, or combine them with other components to address your use cases. AWS does not provide legal advice, and this document is not to be understood as legal advice or assurance. Compliance involving these architecture implementations is the responsibility of the customer.

You can use AWS services with the confidence that your customer data stays in the AWS Region you select. A small number of AWS services involve the transfer of customer data; for example, to develop and improve those services, where you can opt out of the transfer, or because transfer is an essential part of the service.

Note

Customers who do not have sensitive data that is subject to regulation can use the AWS Cloud without relying on local resources or building hybrid architectures.

Are you Well-Architected?

The AWS Well-Architected Framework helps you understand the pros and cons of the decisions you make when building systems in the cloud. The Six Pillars of the Framework allow you to learn architectural best practices for designing and operating reliable, secure, efficient, cost-effective, and sustainable systems. Using the AWS Well-Architected Tool, available at no charge in the AWS Management Console, you can review your workloads against these best practices by answering a set of questions for each pillar.

For more expert guidance and best practices for your cloud architecture—reference architecture deployments, diagrams, and whitepapers—refer to the AWS Architecture Center.