On May 25, 2018, the General Data Protection Regulation (GDPR) adopted by the European Union came into force. It requires companies to collect, process and protect the personal data they own under maximum security conditions. The regulation is designed to give EU citizens more control over their own data. For companies, it requires a higher level of risk management, the establishment and implementation of clear security policies, and the optimization of their information and communication technologies.
Within this process, all companies will need to approach GDPR compliance along four directions: identifying the personal data they work with, managing it, protecting it against internal and external risks, and reporting, including the ability to provide information upon request. For each of these stages, Microsoft provides real, adaptable solutions for any organization.
The first step involves taking an inventory of the data (what types of personal data exist in the organization, and in what kinds of documents) and establishing its location (personal terminals, servers, network, mobile environments, cloud). These processes can be run using features such as Microsoft Cloud App Security from Enterprise Mobility + Security (EMS), or Data Loss Prevention, Advanced Data Governance, or eDiscovery from the Office 365 suite.
The next step involves data management (policies and procedures, roles and responsibilities, how information is accessed and used in transit, storage, archiving or destruction processes) as well as data classification (organizing and labeling data according to type, importance, context, or property). The Microsoft solutions here are Azure Information Protection (an EMS function), and Advanced Data Governance or Journaling (Exchange Online) in the Office 365 suite.
To work safely with personal data, three aspects must be taken into account: prevention (through encryption, access control, network security), detection (breach monitoring, scanning and identification), and the ability to respond (through planning, recovery, and notification). For these needs, Microsoft offers solutions such as Active Directory or Microsoft Intune (EMS functionality), and Data Loss Prevention, Advanced Threat Protection, or Threat Intelligence from the Office 365 suite.
The last step involves keeping the necessary documentation and being able to respond to notifications and provide information on request. It requires transparency (regarding the purpose of processing, classification of data, third-party access, security measures), allocation of responsibilities, and record keeping (logs, breach notifications, compliance reports). For these purposes, Microsoft offers solutions such as Azure Information Protection (EMS), and Service Assurance, Audit logs, or Customer Lockbox from the Office 365 suite.
Microsoft 365 is an integrated, complete solution that includes Office 365, Windows 10, and Enterprise Mobility + Security. It enables users to work collaboratively and securely, in compliance with the new data protection regulation. The suite has built-in elements of artificial intelligence, allowing users to be more creative, more productive, and to benefit from added security. Microsoft 365 has three variants: FOR BUSINESS, FOR ENTERPRISE and FOR EDUCATION. Microsoft 365 FOR BUSINESS is a captivating and affordable offer, a complete set of tools for effective compliance with GDPR. With this suite, small and medium-sized companies have the same tools as large companies; its merit is that it adapts, in terms of resources and available budget, to the needs of any organization on its way to complying with the GDPR.
Start with an initial evaluation