Microsoft is ensuring that its cloud services will be fully compliant with the new General Data Protection Regulation (GDPR) legislation, whilst Azure and Office 365 will also help other organisations to achieve compliance.
The cloud services in question are Office 365, Dynamics 365, Azure, including Azure data services, Enterprise Mobility + Security, and Windows 10, with compliance to GDPR backed up by a contractual commitment from Microsoft.
In addition, Microsoft is selling its services to organisations to help them get compliant with the GDPR. For example, Azure Information Protection provides document tracking and revocation capabilities, so you can monitor the flow of sensitive data and revoke access to this data at any time.
Elsewhere, using Office 365 Advanced Data Governance enables you to intelligently manage your organisation’s data with classifications. This capability automatically labels sensitive data, so that policies for protection, retention or deletion can be applied.
But why is compliance so important? As you may be aware, GDPR will replace the Data Protection Directive next year as the primary law regulating how companies protect EU citizens’ personal data. Companies that are already compliant with the Directive must ensure that they are compliant with the new requirements of the GDPR before it becomes effective on the 25th of May 2018.
The real pressure comes in the shape of heavy fines for those companies that fail to achieve GDPR compliance before the deadline. Given that these can be up to the greater of €20 million or 4% of an organisation’s annual turnover globally, it’s easy to see why compliance is such an issue!
This week, Microsoft published a GDPR compliance section within the Microsoft Trust Center. It contains white papers on the topic, along with FAQs and other resources. It also sets out the following steps that organisations should take to plan for GDPR compliance:
- Discover the data that is subject to the GDPR
- Manage how personal data is used and accessed
- Protect the data by establishing controls
- Report on data use, including plans for managing data requests and providing public notifications about breaches
Microsoft clearly places great emphasis on how cloud technology can help to accelerate the path to compliance. And with roughly 160 GDPR requirements ranging from how you collect, store and use personal information, to mandating a 72-hour notification for personal data breaches, organisations are likely to need all of the assistance they can get!