Microsoft's core services have some great features to help your company become GDPR compliant.
One of the main tenets of the EU's General Data Protection Regulation (GDPR), which is due to come into force on 25 May 2018, is the ability to demonstrate compliance. That means that all the cloud services you use are required to be GDPR compliant too, so that you can store data in a manner that's secure by design.
Microsoft has implemented several new tools and features across its cloud portfolio to help your company hit its GDPR requirements. We will follow up with another blog post which will look at Compliance Manager, which gives you a central console to check the GDPR status of cloud accounts, including Office 365, Azure and Dynamics 365.
In this article, we'll look at specific tools in Microsoft’s cloud products that could be used to enforce GDPR.
Microsoft Office 365
Microsoft has put a lot of work into boosting Office 365's GDPR compliance, building tools that can help you protect your data.
During the first half of 2018, Microsoft plans to launch a Multi-Geo version of Office 365. This will allow multinational businesses to assign locations to Office 365 users, storing data in the right jurisdictions to meet GDPR requirements. This will help larger companies deal with their regional demands, without affecting the wider way they work.
One of the main changes with GDPR compared to the current data protection act is that consumers can now request a copy of the data that you hold on them for free, and they can request data to be deleted ("the right to be forgotten"). With Office 365 eDiscovery, searches can now find text and metadata in content across all Office 365 assets, including SharePoint Online, OneDrive for Business, Skype for Business, and Exchange Online.
According to Microsoft, eDiscovery can also "help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents."
There are potentially big fines for any company that leaks personal data, so Office 365 has built-in Data Loss Prevention (DLP). This technology can identify sensitive information (up to 80 types, including financial, medical and personally identifiable information). You can then control access automatically or even block the accidental sharing of this data.
Advanced Data Governance, meanwhile, gives you greater control of your data. With machine-assisted insights, this tool can help you find, classify and set policies on all your data. As GDPR requires companies to hold data only for as long as it is needed, Advanced Data Governance can also help you manage the lifecycle of your data.
Azure has several tools to help bolster protection and manage your GDPR requirements. Azure Information Protection helps protect your data automatically. According to Microsoft you can "classify, label, and protect new or existing data, share it securely with people within or outside your organisation, track usage, and even revoke access remotely."
Automatic encryption helps secure data, preventing unauthorised access to it, while the Azure Security Center helps you monitor, detect, prevent and respond to threats quickly.
Knowing which apps you have running in Azure is an important step for GDPR compliance, so you can control access to your company's data. Cloud App Discovery is Microsoft's tool for discovering unmanaged cloud applications. Employing user agents, you can find out exactly what's running in the cloud and who's using which apps.
Cloud App Discovery is a great tool for the apps you've authorised to run. Part of GDPR is ensuring that data is protected at all stages, with security by design, so having the tools to see how cloud apps are behaving is essential. You can use the tool to identify and assess risks, control access to apps and data, and automatically detect unusual user activities, giving you advance warning of problems.
Combined, the two tools are a key part of GDPR compliance. They help you discover how data might be leaking to uncontrolled platforms and give you the controls to stop it happening again. We call this problem “shadow IT”, where employees adopt their own platforms to overcome lack of functionality (perceived, real, or deliberate) in work-provided systems.
GDPR is about continually protecting personal data, both through system security and in the way that employees handle that data. Microsoft's new tools provide handy methods for enforcing that control, keeping your company the right side of GDPR compliance.
For more information on how these tools can help and how to get your company ready for GDPR, get in touch with us.