Start the fight for GDPR compliance with the GDPR and Microsoft Cloud Security Hub
What is GDPR?
On the 25th May 2018 the European Union will start to enforce General Data Protection Regulation (GDPR) legislation. GDPR imposes a set of new rules onto companies, organisations, government bodies, not-for-profits and any other organisation that provides services or goods to European Union citizens. The legislation will also include any organisation or body that collects and analyses data tied to any EU resident.
GDPR WILL TAKE EFFECT ON THE 25th MAY 2018
What does GDPR mean to people?
With GDPR, people now have the legal tools behind them to regain what is rightfully theirs – their own personal data. People have the right to find out which organisations hold their data, and request that any sensitive information is deleted.
Data Controller / Data Processor
GDPR introduces fundamental changes to the obligations of organisations that control or process personal and sensitive data. Clearly these changes are new burdens to be met, but they are also an opportunity to improve security maturity.
IT need to be able to control the accidental flow of sensitive data into their systems. Although IT are not always involved in or responsible for its collection, they are accountable for the systems that could potentially store this data.
Microsoft’s commitment to GDPR
Microsoft have recently outlined their commitments to GDPR compliance across their cloud services, seeing GDPR as an important step towards enabling individuals’ privacy rights. As a Microsoft Worldwide Partner of the Year, Content and Code have extensive experience in ensuring that all of our clients’ data is protected, while championing privacy, and complying with complex regulations.
Microsoft Technology and GDPR
Does using Microsoft Security technology mean we are GDPR compliant?
Yes and no. Microsoft Cloud Security technologies are designed with data protection and compliance in mind. However, you need to ensure there are no gaps in your technology or your operating model. If you would like to speak to us further, and find out where you could potentially fall short with GDPR compliance, join us for our GDPR and Microsoft Cloud Security roundtable sessions.
The security and management of personal or sensitive information is critical to ensuring that your organisation is compliant with GDPR legislation – but more importantly, it is critical to you as an organisation and your customers. Microsoft’s EM+S ensures that your organisation’s data is secure both in the cloud and within on-premises technologies. This encapsulates all personal data that may be spread across devices, users and applications.
GDPR legislation requires an organisation to discover what personal data is recorded, and where this data resides. As an organisation, you are also required to control how users access and use personal or sensitive data, and to have security measures and controls in place to detect, respond to and prevent data breaches. Enterprise Mobility and Security features identity-driven security capabilities, such as Azure AD Premium, Microsoft Cloud App Security, Microsoft Intune, Microsoft Azure Information Protection and Microsoft Advanced Threat Analytics.
Office 365 is the global leader in Enterprise productivity applications. With Office 365 there are a number of security measures and privacy policies as standard to help ensure that your business-critical data is safeguarded in the cloud. An essential requirement of GDPR is the ability to discover and control what personal or sensitive data you hold, and where it resides.
Office 365 security and compliance solutions such as Data Loss Prevention (DLP) can help identify 80 built-in, default sensitive data types (financial, medical, PII), and you can also use custom sensitive data types, meaning that your organisation can configure particular actions to be taken upon discovery of sensitive information and help to prevent accidental disclosure. Other Office 365 security features that can get you on track to GDPR compliance include Advanced Data Governance, Office 365 Advanced eDiscovery and Customer Lockbox.
In addition, with GDPR you must be able to protect personal data against security threats. Office 365 features a number of tools that help identify when a breach has occurred, including Office 365 Advanced Threat Protection, Threat Intelligence and Office 365 Audit Logs.
Designed with industry-leading privacy policies and security measures in place, Microsoft Azure can help safeguard private or sensitive data that your organisation holds in the cloud, including data that is categorised and identified under new GDPR legislation. Your organisation can take the first steps towards reducing GDPR risks and achieving GDPR compliance with Microsoft Azure.
Identifying and controlling who has access to personal or sensitive data is a crucial requirement of GDPR. With Azure, your IT teams can easily manage users, user identities and control access to private data in a number of ways, including Azure Active Directory, Multi-factor Authentication and Azure AD Privileged Identity Management. Azure Information Protection helps to ensure that any private data you store is identifiable and fully secured within the cloud.
Whitepaper: How to stay GDPR compliant in Office 365
Organisations that use Microsoft’s Office 365 will be well placed to make a relatively smooth transition to GDPR compliance. But work is needed to get there. In this FREE whitepaper, we explore how organisations just like yours can align Office 365 and Microsoft security features to comply with the GDPR come May 2018.
Helping organisations prepare for a new era of data privacy regulations
GDPR Compliance Assessment
Detailed GDPR assessment
Understanding your GDPR gaps
Outline of compliance requirements
Cloud Security Roadmap Workshop
Aligning GDPR Gaps to Microsoft Security Technology
Understanding technologies such as EM+S, Azure and Office 365
Prioritised roadmap for Microsoft Cloud Security Adoption
GDPR Gap Assessment Playback
End-to-end review of activities with a Microsoft Cloud Security and GDPR specialist
For any organisation, the task of knowing where to begin with GDPR is a daunting one. At Content and Code, we are passionate about helping organisations prepare for the new era of data privacy regulations. Our GDPR Readiness Assessment is designed specifically to help any organisation understand their initial readiness for GDPR compliance, and how Microsoft Cloud Security technologies can align to GDPR compliance requirements. Are you ready for GDPR?