Complying with General Data Protection Regulation (GDPR) on Microsoft Data Platform technologies

This post is authored by Frederico Pravatta Rezende, Senior Product Marketing Manager, CADD & AI.

Is your organization prepared for the General Data Protection Regulation (GDPR)?

If your company does business in Europe, you’ll need to be aware of this new privacy law, which is set to bolster data protections for individuals living within the European Union (EU) starting on May 25, 2018.

The GDPR introduces several specific rights for EU residents, such as the right to access their personal data, correct inaccuracies in their data, erase data, object to the processing of their data, and obtain a copy of their data. It aims to ensure that personal data is protected no matter where it’s sent, processed, or stored.

For your organization, this means taking a fresh look at how you control exposure to personal data, employ security mechanisms to protect personal data, detect breaches and notify supervisory authorities of them in a timely manner, keep records of data-processing activities, and document risks and security measures.

The cost of non-compliance is high, reaching up to €20 million or 4 percent of the worldwide annual revenue of the prior fiscal year, whichever is higher.

Microsoft is committed to the GDPR, and we support you in complying with its obligations. We’ve addressed data privacy across several of our products and services, many of which are based on Microsoft SQL-based technologies, including SQL Server on-premises, SQL Server on Azure Virtual Machines, Azure SQL Database, Microsoft Analytics Platform System, and Azure SQL Data Warehouse.

Microsoft recommends a four-step process to guide you through the journey to comply with GDPR:

  1. First, you’ll need to discover where personal data is located. This involves understanding the attack surface and how this sensitive data can be accessed, which allows you to identify the potential gaps in GDPR compliance you’ll need to address.
  2. In the second step, you’ll govern who can access this data and how it’s used. Azure SQL Database Firewall and SQL Server Authentication are just a few of the capabilities available to help with this.
  3. Next, you’ll want to strengthen your protection efforts, reducing risk and minimizing the impact of data. This requires different methods for different data types and scenarios. Microsoft SQL offers several ways to help you with this step.
  4. Lastly, you need to keep the records and create the reports necessary for meeting GDPR obligations. This also includes ensuring transparency with the subjects of this sensitive data.

While your journey to comply with GDPR may seem challenging, Microsoft’s various data platform solutions will help you along the way. Microsoft helps you simplify your privacy journey to expose areas of risk and respond with agility and confidence, leveraging guidance from experts and our partner network.

Start planning your data platform modernization to adhere to GDPR by signing up for our webinar to learn how you can start your journey with SQL Server 2017 and Azure Data Services. Register today.

We’ve also created a free e-book, Getting ready for GDPR, to help you understand your next steps so you can get ahead of the new regulation. Get your copy today.