On Friday, May 25, the European Union’s General Data Protection Regulation — better known as GDPR — officially takes effect.
GDPR is an important step forward for privacy rights in Europe and around the world, and we’ve been enthusiastic supporters of GDPR since it was first proposed in 2012. It sets a strong standard for privacy and data protection by empowering people to control their personal information. We appreciate the strong leadership by the European Union on these important issues and the invitation to Microsoft to be one of a small number of companies participating in the official events in Brussels on Friday.
We believe privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.
Privacy is also the foundation for trust. We know that people will only use technology that they trust. Ultimately, trust is created when people are confident that their personal data is safe and they have a clear understanding of how and why it is used. This means companies like ours have a huge responsibility to safeguard the privacy of the personal data we collect and the data we manage for our commercial customers.
Our commitment to GDPR compliance
We are committed to making sure that our products and services comply with GDPR. That’s why we’ve had more than 1,600 engineers across the company working on GDPR projects. Since its enactment in 2016, we’ve made significant investments to redesign our tools, systems and processes to meet the requirements of GDPR. Today, GDPR compliance is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services.
We feel good about what we achieved so far. But we know that May 25 isn’t the end of our work. Instead, it is the beginning of the next phase of our focus on GDPR. The fact is that this complex regulatory framework is as new to privacy regulators as it is to us. The ongoing interpretation of the detailed aspects of this regulation will determine the steps that we all will need to take to maintain compliance. As our customers use our tools and experience other features we’ll also listen to their feedback and suggestions for improvements. Because regulatory interpretations change with experience and changing circumstances over time, we will constantly evaluate our products, services and data uses as understanding of GDPR evolves.
Respecting the privacy rights of consumers everywhere
As an EU regulation, GDPR creates important new rights specifically for individuals in the European Union. But we believe GDPR establishes important principles that are relevant globally.
We’ve been advocating for national privacy legislation in the United States since 2005. We’re encouraged that some other tech companies are starting to endorse the need to address this issue as well. While debate about how to protect data privacy continues in the U.S., we’re committed to moving forward now to take concrete steps to help strengthen people’s privacy protection.
That’s why today we are announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.
Updating the privacy statement for our consumer services
This week, we have also published an updated privacy statement governing our consumer products and services. The new privacy statement reflects our decision to extend key rights under GDPR to consumers around the world. It also incorporates more specific information and changes related to GDPR. But perhaps most importantly, it is designed to be clearer and more transparent. You can read the new privacy statement here. And you can find out what’s new in the privacy statement here.
Helping businesses and organizations with their own GDPR compliance obligations
Much of the focus on GDPR during the past year has been on how large technology companies are ensuring that the products and services that they provide comply with the obligations that go into effect on May 25. Clearly, this is important.
But at Microsoft our business is built on helping other businesses and organizations succeed. We create the technology and tools that others use to transform their own businesses and drive success. We succeed only when our customers succeed. Therefore, an especially important part of our GDPR effort has been our work to develop tools, best practices and guidance to enable our enterprise customers to prepare for implementation of GDPR.
As GDPR goes into effect, one of our most important goals is to help businesses become trusted stewards of their customers’ data. This is why we offer a robust set of tools and services for GDPR compliance that are backed up by contractual commitments.
For most companies, it will simply be more efficient and less expensive to host their data in the Microsoft Cloud where we can help them protect their customers’ data and maintain GDPR compliance.
You can learn more at: Microsoft.com/GDPR
This week is an important week on an important journey. We look forward to continuing our work with customers, partners and regulators. We’re committed to protecting the right to privacy and ensuring that the benefits of a new generation of technology innovation truly empower people and organizations around the world to achieve more.