SUPPORT FOR GDPR COMPLIANCE

Microsoft’s modern workplace solutions empower organisations to do more while knowing that the apps, services and devices they use every day are helping them stay compliant.

Why get behind GDPR?

The EU General Data Protection Regulation (GDPR) came into effect in May 2018. Its purpose is to give individuals more control over their personal data. GDPR applies to organisations – of any size, anywhere – that sell goods in the EU or process the data of individuals in the EU.

GDPR demands that organisations take appropriate measures to prevent unauthorised access to their customers’ data, and there are heavy financial penalties for breaches. Despite this, many enterprises remain non-compliant, putting their customers and licence to operate at risk.

GDPR exposure in numbers

  • 50% of businesses are not fully GDPR compliant. Source: GDPR compliance – where are we now, OnePoll, Autumn 2019
  • €66,000: average GDPR fine. Source: GDPR.EU
  • 9 in 10 SMB owners unaware of new GDPR consumer rights. Source: Survey of 500 small business owners, Hiscox, 2018

Four steps to GDPR compliance

Microsoft’s modern workplace solutions support a four-step approach to achieving GDPR compliance.

1. Discover: identify and locate personal data
2. Manage: govern how this data is used and accessed
3. Protect: establish security measures to prevent, detect and respond to data breaches
4. Report: retain required documents and manage data requests and breach notifications

1. Discover

GDPR defines personal data as “any data that relates to an identified or identifiable natural person”. This may include information stored in customer databases, feedback forms, email content, photographs or video, loyalty programmes or HR records. Because personal data can exist in many different locations, creating a thorough inventory is a significant challenge. Microsoft modern workplace solutions include tools and services to simplify and streamline the process.

Office 365

  • Data Loss Prevention: identifies over 80 common sensitive data types, including financial, medical, and personally identifiable information.
  • Office 365 eDiscovery: can be used to search text and metadata in content across SharePoint Online, OneDrive for Business, and Exchange Online.
  • Office 365 Advanced eDiscovery: harnesses machine learning to quickly and precisely identify documents that are relevant to a particular subject.

Enterprise Mobility and Security

  • Microsoft Cloud App Security: provides visibility and better protection for data in cloud applications across devices.

2. Manage

The next step is to develop and implement a data governance plan. This should define policies, roles and responsibilities regarding the access, management, storage, transit and use of personal data in compliance with GDPR. While setting up robust data governance extends beyond technological solutions, Microsoft products come with built-in features that can support the development process.

Office 365

  • Data Loss Prevention: can identify, monitor, and automatically protect sensitive information across Office 365 locations, including Teams, SharePoint and OneDrive.
  • Office 365 eDiscovery: streamlines the process for identifying and delivering electronic information for legal purposes.
  • Office 365 Advanced eDiscovery: harnesses machine learning to quickly and precisely identify documents that are relevant to a particular subject.

Enterprise Mobility and Security

  • Microsoft Cloud App Security: provides risk assessments and ongoing analytics across apps on all devices.

3. Protect

GDPR demands that organisations take appropriate technical measures to protect personal data. If a breach does occur, organisations are required to inform relevant authorities within 72 hours, and in some cases individual subjects must also be notified. In this environment, organisations can benefit by having the capabilities to quickly detect and remediate intrusions before they become a serious problem. Microsoft’s comprehensive security solution combines secure cloud infrastructure and product-based features to help ensure that all these requirements are met.

Office 365

  • Advanced Threat Protection: provides real-time protection against advanced malware attacks.
  • Threat Intelligence: harnesses the power of Microsoft Intelligent Security Graph to proactively identify and protect against evolving threats.

Enterprise Mobility and Security

  • Microsoft Intune: safeguards data on all devices that employees use to access work files, with remote lockdown in case of device loss or theft.

Windows 10

  • Windows Hello: replaces passwords with a biometric or PIN to validate identity and simplify the user experience.

4. Report

GDPR raises the standards on transparency, accountability and record-keeping. Organisations need to be ready to demonstrate how they use personal data, as well as their processes for collecting, storing, transporting and destroying sensitive information. Microsoft’s modern workplace solutions incorporate a number of tools and services to help organisations reassure their customers.

Office 365

  • Service Assurance (Security & Compliance Centre): provides details and resources related to Microsoft Compliance reports.
  • Office 365 audit logs: can be used to provide searchable oversight of potential issues, such as multiple downloads, file deletions or attempted log-ins.

Windows 10

  • Windows 10 auditing and logging: enables various auditing event categories to support the creation of tailored auditing policies to suit specific security needs.

Need an IT partner to help with compliance?

Strong data governance goes beyond technology. Search ALSO’s network to find an IT partner that can help you combine the right technical set-up with the right policy process to protect your customers and their data.

Popular tools and resources for Microsoft 365

Download center

Access useful resources and tools.

Information security assessment

Make a quick first assessment of an organisation’s security status.

Accountability Readiness Checklist

Access information you need to support the GDPR when using Microsoft Office 365.

Customer cases

See how other businesses are benefitting from Microsoft Security.
