Get the latest on GDPR compliance

In this webcast, learn critical steps to meet GDPR requirements that are effective in May 2018. Watch the webinar on demand: Thriving in the GDPR era.

Preparing for a new era in privacy regulation

In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), is due to take effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

We are committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments.

Learn more about how our products help you comply with the GDPR, and let us help you get started. You can also find resources like webinars, videos, white papers, and FAQs about the regulation.


profile picture of young man staring at text on the left

Learn about data governance and the GDPR

Discover the implications of GDPR data governance for your organization. Download the Data Governance for GDPR Compliance: Principles, Processes, and Practices white paper today.

Download the white paper

Key changes under GDPR

Risk and compliance assessor

Personal privacy

Individuals have the right to:

  • Access their personal data
  • Correct errors in their personal data
  • Erase their personal data
  • Object to processing of their personal data
  • Export personal data
Risk and compliance assessor

Controls and notifications

Organizations will need to:

  • Protect personal data using appropriate security
  • Notify authorities of personal data breaches
  • Obtain appropriate consents for processing data
  • Keep records detailing data processing
Risk and compliance assessor

Transparent policies

Organizations are required to:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies
Risk and compliance assessor

IT and training

Organizations will need to:

  • Train privacy personnel and employees
  • Audit and update data policies
  • Employ a Data Protection Officer (if required)
  • Create and manage compliant vendor contracts

What GDPR means for your data

Protecting customer privacy with GDPR

Stricter control on where personal data is stored and how it is used

Better data governance tools for better transparency, record keeping, and reporting

Improved data policies to provide control to data subjects and ensure lawful processing


Manage your compliance

Manage your compliance from one place

Compliance Manager, now available for public preview, helps assess your compliance performance, provides actionable insights, and simplifies your compliance process when using Microsoft cloud services.

Compliance Manager public preview is available today on Service Trust Portal

Try it now

Want to know more about Compliance Manager?

Read the Tech Community blog