GDPR Compliance Program
Partnered with Legal to provide audit data proving EU data privacy compliance, mitigating potential fines up to €20M or 4% of worldwide revenue.

The Challenge
Amazon Legal teams needed to prove GDPR compliance to EU auditors but couldn't access the necessary data to demonstrate EU data privacy compliance. Without proper audit evidence, Amazon faced potential fines of up to €20M or 4% of total worldwide annual revenue—whichever was greater. The data needed for compliance evidence was distributed across Basin's data producers, and there was no established process for extracting and delivering this information to satisfy regulatory requirements.
My Approach
Partnered directly with Legal to understand the specific audit requirements and what data would satisfy EU regulators. Worked across Basin's data producers to identify and extract the compliance evidence needed, coordinating data delivery in formats that met Legal's documentation requirements. Established a repeatable process for future compliance audits, ensuring Amazon could efficiently respond to ongoing regulatory inquiries without recreating the data gathering effort each time.
Key Deliverables
Partnered with Legal to define audit data requirements for GDPR compliance
Coordinated with data producers across Basin to extract compliance evidence
Delivered audit documentation meeting EU regulatory requirements
Established repeatable process for future compliance audits