Data Access Controls - Navigating GDPR Compliance on AWS

Data Access Controls

Article 25 of the GDPR states that the controller “shall implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed”. The following AWS access control mechanisms can help customers comply with this requirement by allowing only authorized administrators, users, and applications to get access to AWS resources and customer data.