AWS Data Processing Addendum (DPA)
AWS offers a GDPR-compliant Data Processing Addendum (GDPR DPA), which enables customers
to comply with GDPR contractual obligations. The AWS GDPR DPA is incorporated into
the AWS Service Terms
On 16 July 2020, the Court of Justice of the European Union (CJEU) issued a ruling regarding the EU-US Privacy Shield and Standard Contractual Clauses (SCCs), also known as “model clauses.” The CJEU ruled that the EU-US Privacy Shield is no longer valid for the transfer of personal data from the European Union (EU) to the United States (US). However, in the same ruling, the CJEU validated that companies can continue to use SCCs as a mechanism for transferring data outside of the EU.
Following this ruling, AWS customers and partners can continue to use AWS to transfer
their content from Europe to the US and other countries, in compliance with EU data protection
laws – including the General Data Protection Regulation (GDPR). AWS customers can rely on the
SCCs included in the AWS Data Processing Addendum (DPA) if they choose to transfer their data
outside the European Union in compliance with GDPR. As the regulatory and legislative
landscape evolves, we will work to ensure that our customers and partners can continue to
enjoy the benefits of AWS everywhere they operate. For additional information, see the EU-US Privacy Shield
FAQ