New DPIA and DTIA on AWS for Dutch central government: all high risks solved
The outcome of this Data Protection Impact Assessment (DPIA) is that there are no longer any known high risks if Dutch government organizations follow the recommended mitigation measures in this DPIA. As a result of the negotiations between SLM Rijk and AWS, AWS has taken organizational and contractual measures to mitigate 7 previously identified high data protection risks. To mitigate the high risks of transferring data to the United States, government organizations can encrypt special or highly sensitive personal data with a self-managed key and pseudonymize the administrator's account information. Transfer risks are described separately in a Data Transfer Impact Assessment (DTIA)..Government organizations can also mitigate or accept the 9 remaining low risks listed in the table at the bottom of this blog.