The following descriptions provide an overview of the technical and organizational security measures being implemented. It should be noted, however, that in order to protect the integrity of security measures and data security, detailed descriptions may not be available, but additional information on technical and organisational measures may be included in the Security Directive. It was recognized and it was agreed that the Safety Directive and the technical and organisational measures described in it will be updated and amended from time to time, at the sole discretion of the subcontractor. Notwithstanding the above, technical and organisational measures will not be inferior, in one way or another, to the measures described in the Safety Directive. The AWS cloud infrastructure was designed as one of the most flexible and secure cloud computing environments available today. Amazon`s reach allows it to invest much more in security policing and counter-measures than almost any large single company could afford. This infrastructure consists of hardware, software, networks and facilities that perform AWS services that provide customers and APN partners with powerful controls, including security controls, for the processing of personal data. For more details on AWS`s actions to maintain a consistently high level of security, see the AWS Overview of Security Processes white paper. The AWS Professional Services team conducts a series of activities to assist APN clients and partners in their path to RGPD compliance. Professional service consultants help answer RGPD questions by providing private consulting meetings as well as public conferences, webinars and workshops at AWS Summits and AWS Pop-up Lofts. The AWS Professional Services team also works directly with APN clients and partners to provide technical guides on the RGPD and implement data protection by default using AWS tools. For more information on how AWS Professional Services Consultants helps APN clients and partners, please visit: aws.amazon.com/professional-services/. In the letter to AWS, the Article 29 working group stated: “EU data protection authorities have analysed the agreement proposed by Amazon Web Services” and “concluded that the revised addendum to data processing is in accordance with the 2010/87/EU contract clause and should not be an ad hoc clause.” This means that customers can sign the AWS Data Processing Addendum with standard clauses without the permission of the data protection authorities, which would be necessary for contractual clauses intended to meet EU data protection rules that have not been approved and which are called “ad hoc clauses”.
The standard contractual clauses are a set of standard provisions defined and approved by the European Commission, which can be used to enable the transfer of personal data by a processing manager to a data processor outside the European Economic Area. 10.5 The parties acknowledge that it is a requirement for the processing manager to inform the subcontractor, within a reasonable time, of changes to existing data protection laws, codes or rules that may affect the subcontractor`s contractual obligations. The subcontractor reacts, within a reasonable time, to any changes that must be made to the conditions of this data protection authority or to technical and organisational measures to maintain compliance.