Notice regarding General Data Protection Regulation contractual commitments

The EU General Data Protection Regulation (GDPR) went into effect on May 25, 2018. To comply with the GDPR, Microsoft amended its Professional Services agreements to address requirements that were required to be included in its data processing contracts.

For Professional Services agreements that do not currently have GDPR contractual commitments, the GDPR terms that will be added to these agreements are included in attachment 2 of the Microsoft Professional Services Data Protection Addendum. Please note that these new GDPR terms will only apply to the extent Microsoft processes personal data that is subject to the GDPR.

Since the new GDPR terms went into effect on May 25, 2018, Microsoft has honored its commitments under the new GDPR terms without any further action required by our customers. However, if you would like to have a signed copy of the GDPR terms, you can submit your request to your Microsoft account manager.

Data subject requests (DSRs)

How Microsoft enables data controllers and processors to respond to requests to access data, delete data, or correct inaccurate data.

Data breach

How Microsoft tries to prevent breaches, how Microsoft detects a breach, and how Microsoft will respond in the event of breach and notify the data controller.

Data protection impact assessments (DPIAs)

How Microsoft helps data controllers complete data protection impact assessments.

Accountability readiness checklist

Provides a catalog of documentation demonstrating Microsoft Services support of GDPR.

Microsoft Professional Services data protection addendum

Data protection terms for Microsoft Unified, Premier, and Consulting customers.

Download the Microsoft Professional Services data protection addendum