Article by: Julia White – Corporate Vice President, Microsoft Azure & Security
While some companies have started working towards GDPR compliance, Gartner believes that less than 50 percent of all organisations will fully comply with GDPR when it goes into effect on May 25, 2018. We know that the cloud can help dramatically increase that compliance rate, and we are dedicated to helping our customers on this journey.
With roughly 160 GDPR requirements ranging from how you collect, store and use personal information, to mandating a 72-hour notification for personal data breaches, it’s clear that using cloud technology can help accelerate the path to compliance for most organisations.
Nearly a decade ago, Microsoft established our Trusted Cloud Principles to guide our Microsoft Cloud technology. These principles include security, privacy, compliance and transparency. These investments align closely with the intentions of GDPR, and because of this, the Microsoft Cloud can uniquely provide an expedited journey to GDPR compliance.
In February 2017, we announced that Microsoft Cloud Services will comply with GDPR by May 25, 2018, across Office 365, Dynamics 365, Azure, including Azure data services, Enterprise Mobility + Security, and Windows 10. We’ve backed this up with our contractual commitments to customers.
The Microsoft Cloud also has a range of compliance controls, audited by third parties. Through these investments, we will also help you validate that when you are using the Microsoft Cloud, you are using services compliant with the GDPR.
Cloud for compliance
Beyond making our cloud services compliant, the Microsoft Cloud provides sophisticated, built-in controls that can help you meet GDPR requirements. We have a range of capabilities available that can help. To point out just a few, I’ll start with Azure Information Protection.
Azure Information Protection provides document tracking and revocation capabilities, so you can monitor the flow of sensitive data and revoke access to this data at any time.
Beyond information protection, you can also use the Microsoft Cloud to discover, manage, protect and report on GDPR-related data. And, powerful intelligence capabilities can be applied to the GDPR requirements when using the Microsoft Cloud. For example, using Office 365 Advanced Data Governance, you can intelligently manage your organisation’s data with classifications. This capability automatically labels sensitive data, so that policies for protection, retention or deletion can be applied.
We recognise that GDPR spans technology and business policy. To this end, we’ve brought the Microsoft ecosystem together to help you. In the Microsoft Tech Community privacy forum you can discuss GDPR issues and learn from experts. We’ve collaborated with consulting firms with deep policy knowledge of privacy and the GDPR, who can help you plan and implement process and technology to be GDPR compliant. And finally, we’re sharing best practices from our own privacy experts.