General Data Protection Regulation
The European Union’s (EU’s) General Data Protection Regulation (GDPR) imposes new rules on companies, government agencies, not-for-profits, and other organizations that offer goods and services to people in the EU or that collect and analyze data tied to EU residents—no matter where they are in the world. Its vast reach extends beyond technology to encompass people and processes, and it opens an array of opportunities for your practice.
The Microsoft Cloud and GDPR compliance
A complex regulation, the GDPR may require significant changes in how your customers collect, process, and manage data. Microsoft has a history of, and extensive expertise in, complying with complex regulations—including both EU-U.S. Privacy Shield and EU Model Clauses—protecting data, and championing privacy.
When your customers use Microsoft cloud services, they’re entrusting us with their most valuable asset—their data.
- Microsoft has the most comprehensive set of compliance offerings, certifications, and attestations of any cloud service provider.
- We apply some of the most rigorous security and compliance standards in the world—audited and reported to customers regularly by accredited, independent third parties—to safeguard your customers’ data.
What measures does Microsoft employ to help safeguard customer data?
- Physical security. 24-hour monitoring, seismic bracing, and multifactor authentication for physical access to data centers.
- Data security. Features like encryption, logical isolation of your customers’ data, and strong authentication.
- Operational best practices. Prevent breach and assume breach to monitor, anticipate, and mitigate threats.
GDPR contractual commitments
Microsoft has pledged that our technology will be GDPR-compliant by May 2018. As your customers’ third-party data processor, we stand behind that promise with key, GDPR-related contractual commitments for our cloud services.
Microsoft has invested heavily in developing intelligent, comprehensive compliance offerings that can help you assess and manage your customers’ risk and achieve GDPR compliance. And Microsoft 365 provides an ideal platform on which you can build profitable solutions to simplify the task of identifying, classifying, and governing personal data—enabling your customers to comply with the GDPR transparency, accountability, and record-keeping requirements.
Azure Active Directory. Centralize identity, so there is a single directory to manage, and users can access all the resources they need with a single credential. Supports multifactor authentication, hardware-based protections (including biometrics), risk-based access, and sophisticated management for privileged accounts.
Azure AD Privileged Identity Management. Offers the ability to discover, restrict, and monitor administrators and their access to resources and services like Office 365. Users who need administrative access can get it for a preconfigured, limited amount of time (just-in-time access) after they have proved their identity through multifactor authentication.
Windows 10. Offers the full benefit of multifactor authentication for logging on to devices.
- Windows Hello supports PIN and biometrics options (fingerprint/facial recognition), which are built into the operating system.
- Windows Defender Credential Guard uses virtualization-based security and a container to isolate Windows authentication. Moving the authentication stack and single sign-in tokens out of Windows into an isolated container keeps them secure against attackers who may have fully compromised the operating system.
Windows Defender Advanced Threat Protection. Provides the latest preventative protection from advanced cyberthreats, detecting attacks and zero-day exploits, and offering centralized management for your customers' end-to-end security lifecycles.
Microsoft Intelligent Security Graph. Microsoft analyzes an unparalleled collection of security signals (detected threats) from vast sources to strengthen the security in Microsoft products and services. Rich cyber insights from vast security intelligence, machine learning, and behavioral analytics help customers stay on top of evolving threats, improve investigations, and speed up response.
Office 365 Threat Intelligence. Leverages billions of data points from the Microsoft Intelligent Security Graph to proactively uncover and protect against advanced threats. Deep insights into these threats help to quickly and effectively enable alerts, dynamic policies, and security solutions.
Azure Information Protection. Helps ensure persistent classification and protection of sensitive data—no matter where it’s stored or who it’s shared with. Also provides end-to-end protection and control for sensitive data, including data classification and labeling, data protection, data usage monitoring, and responding to malicious data usage activities.
Compliance Manager with Compliance Score. Simplify regulation-to-audit compliance processes for Microsoft cloud services, conduct ongoing risk assessments, and gain actionable insights and step-by-step guidance to help improve data protection capabilities. Built-in control management and audit-ready reporting tools included.
Office 365 Advanced Data Governance. Capabilities apply machine learning to help find, retain, and protect important data throughout its lifecycle, while automatically eliminating trivial, redundant, and obsolete data that, if compromised, could pose risk.
In research commissioned by Microsoft, 58% of partners agree that Microsoft is a leader in GDPR, and 83% feel that Microsoft has a competitive advantage over other cloud solution providers.
Use the GDPR Foundations Training kit to help provide customers with a basic understanding of the GDPR, then demonstrate how the combination of Microsoft 365 and your services can help your customers attain compliance.
Leverage the go-to-market resources in the GDPR Sales kit to help you build customer awareness, generate leads, and close deals with your own Microsoft 365 GDPR offer.