Your way for Implementation of EU-GDPR.
GDPR: what you need to know
The GDPR includes numerous requirements for the collection, storage and use of personal information. In order to prevent the unlawful use of data, all relevant systems and processes may need to be revised or redesigned. The primary concern arises from the potential processing of data without consent from the data subject. The storage and use of that personal data must also comply with the GDPR.
With data subjects now having the right to correct data, withhold approval for processing, request deletion, or retrieve a copy of their data, organizations need appropriate tools and systems to meet these new requirements. Advanced data policies also need to be implemented in order to map the use of personal information in accordance with the GDPR, while meeting the new transparency and reporting requirements.
An important step on the way to GDPR compliance is the automation of personal data sorting and classification. GDPR-specific templates simplify the identification and classification of such data, for example, by automatically identifying certain types of personal information (such as addresses, telephone numbers or even medical information).
In addition, the high penalties for violations make data governance tools extremely important. These ensure that the processing of the data is thoroughly documented so that organizations can prove they are compliant, identify potential risk factors at an early stage and react effectively and legally to security problems.
Microsoft believes that the EU's General Data Protection Regulation is an important step on the road to clarifying and implementing individuals' privacy rights. Brad Smith, Microsoft's president and chief legal officer stated: “We believe privacy is a fundamental human right. GDPR is an important step forward for people in Europe and around the world.
Microsoft has outlined a standardized four-step process to help you ensure your GDPR compliance experience goes smoothly:
- Identify: Identify the personal information that exists in your organization and its locations.
- Manage: Control the way personal data is used and how it is accessed.
- Protect: Establish security controls to prevent, detect and respond to data breaches and data loss.
- Report: Archive the required documentation and manage data requests and notifications of data breaches.
Find and protect personal information with Microsoft 365 solutions
Organizations in every industry and regulatory environment need to protect their sensitive and confidential information. One specific challenge arises from the exponential growth of data, which nowadays circulates with increasing freedom through internal company systems, cloud applications and end users' laptops and smartphones. In your organization, you need to know where your sensitive data is located, and strive for it to be continuously and thoroughly protected – especially if it‘s personal data as defined by the GDPR. Microsoft solutions can help you ensure your company offers consistent data protection.
Powerful information protection features help you classify, protect and control your sensitive data. Thanks to our products‘ seamless integration, you can use the same labels everywhere, in solutions such as Office 365 and Azure Information Protection, meaning that labels stored in Office 365 (such as "Confidential /Personal Information") are automatically synchronized with Azure Information Protection and viceversa.
You can view all labels from one centralized location via the Microsoft Admin Center and edit them if necessary. The labels are therefore automatically available in areas such as Office 365 Advanced Data Governance, Office 365 Data Loss Prevention and Microsoft Cloud App Security.
This end-to-end model for labeling and protecting sensitive data makes it much easier for your users to select the correct confidentiality level when working with files or emails. The labeling functions are integrated directly into all flagship Office applications – such as Word, PowerPoint, Excel and Outlook. So, for example, if a user is editing an address list with customer data, they can easily select the appropriate confidentiality label in Excel. If the file then gets transferred to another location or is sent by email, the label remains.
Currently, there are more than 80 sensitive information types available out-of-the-box with which you can classify your data, including credit card numbers and ID numbers. A new GDPR-specific template also simplifies the process of identifying and classifying personal information, so that address information, phone numbers and health-related information can all be managed, classified and protected from the same location.
The Microsoft 365 Security & Compliance Center provides you with Data Loss Prevention (DLP) policies to identify, track and automatically protect sensitive data in Office 365. These policies are becoming more relevant under the GDPR as they allow you to easily identify personal data that affects people within the EU in your Office 365 environment. For example, your compliance officers can learn where personal information has been stored in SharePoint Online and OneDrive for Business, or when users have sent emails containing personally identifiable information. In addition, DLP allows you to set up your own tips regarding company policies, in order to make your users aware of the many important aspects to keep in mind while working with personal information. Learn more about DLP policies here.
GDPR: What’s next?
Now that we are past the May 2018 deadline, companies have to face new regulations and compliance requirements. In consequence, you need a comfortable infrastructure and solutions that allow you to continually assess and manage both your risks and your compliance status.
To help you manage your compliance risks through a centralized dashboard, Microsoft has introduced a new solution: Compliance Manager.
Compliance Manager is a useful tool for any organization that uses Microsoft cloud services. All aspects relevant to GDPR compliance are available here. You get:
- Real-time risk assessments
- Status information on your compliance level compared to GDPR regulations
- Evaluations and audit-ready reports
The GDPR has some key requirements regarding requests from data subjects – that is, the persons to whom the data stored in the company refers. Businesses must respond to such requests from people in the EU and give them access to their data. To support these requirements, the Microsoft 365 Security & Compliance Center provides a new environment dedicated to Data Subject Requests.
From here, you can handle all GDPR-related tasks for your Office 365 data and content, as well as receive, manage, and complete requests from data subjects across the core Office 365 applications and services, including Exchange, SharePoint, and OneDrive, Office 365 Groups, Skype for Business and Teams.
The Microsoft Service Trust Portal is the comprehensive online one-stop source for Microsoft cloud service customers (Office 365, Azure, Dynamics 365, and more). It provides centralized access to audit reports for Microsoft Cloud Services, compliance guides, and a library of trust documents. In order to support the GDPR requirements, the Service Trust Portal has been extended, and it now offers a new section, titled ‘Privacy‘, where you will find a number of tools and resources you can use to support the following (and other) compliance tasks in connection with the GDPR:
- Data Subject Requests (Art. 15 - GDPR - Right of access by the data subject)
- Resources for Breach Notifications (Article 33 - GDPR - Communication of a personal data breach to the supervisory authority)
- Documents for Data Protection Impact Assessments (Article 35 - GDPR - Data Protection Impact Assessment)
Find out more about these resources in this blog post.
Tips and resources for your GDPR compliance: How to get support from Microsoft
Whitepaper: GDPR for Education. A guide for educational institutions Download.
Webinar: Discover hands-on tools that make your way to GDPR compliance easier. Watch now
Discover our comprehensive collection of GDPR materials in the Microsoft Trust Center.
Reading tips and further resources
Get fit for the GDPR with Microsoft 365
Find out how you can meet your GDPR compliance goals with Microsoft 365.Download
Assess your readiness
How far are you on your journey to GDPR? Use our self-assessment tool and find out.Get started
3 steps to accelerate GDPR compliance
Microsoft is uniquely positioned to help you with the GDPR. View this infographic to see the three steps you should take on your GDPR journey.Read now
Whitepaper: Digital Transformation in the Cloud
With this book enterprise leaders may learn the steps they can take to seize the opportunities that lie ahead, while minimizing the risks during digital transformation of their company.Download
Microsoft solution for IT security
A comprehensive, intelligent solution that combines the best of Office 365, Windows 10 and Enterprise Mobility + Security, empowering everyone to be creative and work together, securely.Learn more about Microsoft 365
Enterprise Mobility + Security
Keep pace with today’s security challenges. Identity-driven innovations help you stay secure and productive on your favorite apps and devices.Learn more about Enterprise Mobility + Security
Windows 10 Enterprise
Windows 10 Enterprise addresses the needs of large and medium-size organizations, providing IT professionals with comprehensive device and app management.Learn more about Windows 10 Enterprise
Azure Information Protection
Better protect your sensitive information. Control and help secure email, documents and sensitive data that you share outside your company.Learn more about Azure Information Protection