You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: pages/object-storage/how-to/host-healthcare-data.mdx
+8-1Lines changed: 8 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,6 +24,7 @@ This documentation provides the following elements:
24
24
25
25
- A Scaleway account logged into the [console](https://console.scaleway.com)
26
26
-[Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
27
+
- Signed an HDS contract with Scaleway for the garantees outlined in the [shared responsibility model]() to apply
27
28
28
29
## How to create a compliant bucket
29
30
@@ -47,6 +48,8 @@ Even though you can use an existing bucket to host healthcare data, we strongly
47
48
48
49
9. Click **Create bucket** to confirm.
49
50
51
+
10. If you use a [customer-side encryption mechanism](#customer-side-encryption), enable bucket encryption using the [PutBucketEncryption]() action.
52
+
50
53
Your bucket is now ready to store healthcare data. Before uploading objects, refer to the sections below for information on how to encrypt and delete your objects in compliance with regulations.
51
54
52
55
## Prohibited actions on a compliant Bucket
@@ -57,6 +60,8 @@ to host healthcare data, you must comply to the following requirements:
57
60
58
61
- You must not use [lifecycle rules](/object-storage/concepts/#lifecycle-configuration) in your compliant bucket.
59
62
63
+
- If you use a [customer-side encryption mechanism](#customer-side-encryption), you must no delete the bucket encryption.
64
+
60
65
<Messagetype="important">
61
66
Failure to comply with these requirements may lead to voiding compliance on the objects contained in the bucket.
62
67
</Message>
@@ -79,7 +84,9 @@ Customer-side encryption ensures that sensitive data is protected before reachin
79
84
80
85
## How to delete objects
81
86
82
-
Objects must be deleted following in a compliant way to make sure data cannot be retrieved afterward. The deletion method varies according to the encryption method.
87
+
Objects must be deleted in a compliant way to make sure data can not be retrieved by any means immediately afterward. When using the HDS-compliant method (using the `PutBucketEncryption` action), Scaleway encrypts your uploaded objects with a dedicated key that will be instantly deleted upon receiving a deletion request for the targeted objects.
88
+
89
+
This mechanism guarantees your objects can not be immediately retrieved, even if it takes additionnal time to process the delete of all the remaining chunks of your deleted objects.
0 commit comments