The European Union’s new General Data Protection Regulation (GDPR) takes effect one year from tomorrow. While some companies have started working towards GDPR compliance, Gartner believes that less than 50 percent of all organizations will fully comply with the GDPR when it goes into effect on May 25, 2018.* We know that the cloud can help dramatically increase that compliance rate, and we are dedicated to helping our customers on this journey.
With roughly 160 GDPR requirements ranging from how you collect, store and use personal information, to mandating a 72-hour notification for personal data breaches, it’s clear that using cloud technology can help accelerate the path to compliance for most organizations.
Nearly a decade ago, Microsoft established our Trusted Cloud Principles to guide our Microsoft cloud technology. These principles include security, privacy, compliance and transparency. These investments align closely with the intentions of the GDPR, and because of this, the Microsoft Cloud can uniquely provide an expedited journey to GDPR compliance.
Complying with the GDPR to help customers succeed
In February of this year, we announced that Microsoft cloud services will comply with GDPR by May 25, 2018, across Office 365, Dynamics 365, Azure, including Azure data services, Enterprise Mobility + Security, and Windows 10. We’ve backed this up with our contractual commitments to customers.
The Microsoft Cloud also has a range of compliance controls, audited by third parties. Through these investments, we will also help you validate that when you are using the Microsoft Cloud, you are using services compliant with the GDPR.
Cloud for compliance
Beyond making our cloud services compliant, the Microsoft Cloud provides sophisticated, built-in controls that can help you meet GDPR requirements. We have a range of capabilities available today that can help. To point out just a few, I’ll start with Azure Information Protection.
Azure Information Protection provides document tracking and revocation capabilities, so you can monitor the flow of sensitive data and revoke access to this data at any time.
Beyond information protection, you can also use the Microsoft Cloud to discover, manage, protect and report on GDPR-related data. And, powerful intelligence capabilities can be applied to the GDPR requirements when using the Microsoft Cloud. For example, using Office 365 Advanced Data Governance, you can intelligently manage your organization’s data with classifications. This capability automatically labels sensitive data, so that policies for protection, retention or deletion can be applied.
This is just one of several capabilities within Microsoft’s Secure Productive Enterprise offering to help you with GDPR today.
We continue to innovate in order to make GDPR compliance easier for you to achieve. For example, later this year we plan to release a new dashboard that provides a quantitative assessment to help identify where you are in your journey to GDPR compliance. This upcoming release builds on the foundation of Office 365 Secure Score, launched earlier this year, to provide you greater clarity on your path toward GDPR compliance.
A community of experts to guide your journey
We recognize that GDPR spans technology and business policy. To this end, we’ve brought the Microsoft ecosystem together to help you. In the Microsoft Tech Community privacy forum you can discuss GDPR issues and learn from experts. We’ve collaborated with consulting firms with deep policy knowledge of privacy and the GDPR, who can help you plan and implement process and technology to be GDPR compliant. And finally, we’re sharing best practices from our own privacy experts.
As the GDPR deadline draws closer, we are here to partner with you. Meeting GDPR doesn’t have to be a difficult path and Microsoft is here to help. Visit www.microsoft.com/gdpr to view our GDPR webcast, download GDPR whitepapers and register for upcoming news related to what Microsoft is doing for GDPR.
* From Gartner research note Adapt Your Cloud Hosting Proposition Now for Imminent GDPR European Privacy Regulations, Gregor Petri, Bart Willemsen, Tiny Haynes, 29 March 2017