In May 2018, the General Data Protection Regulation (GDPR), will impose new rules on companies, government agencies, non-profits, and other organisations that offer goods and services to people in the European Union, or that collect and analyse data tied to EU residents. The GDPR applies no matter where you are located.
Whilst the Information Commissioner’s Office (ICO), the UK’s data protection regulator, has already taken noticeable steps in assisting businesses to prepare for the GDPR, by publishing its Guidance Roadmap. We thought it would be useful to highlight how some of Microsoft products and services available today that can help you meet the GDPR requirements.
One essential step to meeting the GDPR obligations is discovering and controlling what personal data you hold and where it resides. There are a number of Office 365 solutions that can help you identify or manage access to personal data.
• Data Loss Prevention (DLP) in Office and Office 365 can identify over 80 common sensitive data types including financial, medical, and personally identifiable information. In addition, DLP allows organisations to configure actions to be taken upon identification to protect sensitive information and prevent its accidental disclosure.
• Advanced Data Governance uses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organisation.
• Office 365 eDiscovery search can be used to find text and metadata in content across your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online. In addition, powered by machine learning technologies, Office 365 Advanced eDiscovery can help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents.
• Customer Lockbox for Office 365 can help you meet compliance obligations for explicit data access authorisation during service operations. When a Microsoft service engineer needs access to your data, access control is extended to you so that you can grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.
Another core requirement of the GDPR is protecting personal data against security threats. Office 365 provide features that safeguard data and identify when a data breach occurs;
• Advanced Threat Protection in Exchange Online Protection helps protect your email against new, sophisticated malware attacks in real time. It also allows you to create policies that help prevent your users from accessing malicious attachments or malicious websites linked through email.
• Threat Intelligence helps you proactively uncover and protect against advanced threats in Office 365. Deep insights into threats—provided by Microsoft’s global presence, the Intelligent Security Graph, and input from cyber threat hunters—help you quickly and effectively enable alerts, dynamic policies, and security solutions.
• Advanced Security Management enables you to identify high-risk and abnormal usage, alerting you to potential breaches. In addition, it allows you to set up activity policies to track and respond to high risk actions.
• Finally, Office 365 audit logs allow you to monitor and track user and administrator activities across workloads in Office 365, which help with early detection and investigation of security and compliance issues.
If you would like to discuss how Microsoft Office 365 or Azure resources can help you meet your GDPR requirements, please contact us using the form below.