How is Microsoft Helping Firms en route to GDPR Compliance?

Microsoft is offering new tools on Azure and Office 365 to help bring firms towards complying with the EU's regulation.

The GDPR is of concern to businesses of all shapes and sizes, affecting any company wanting to do business within the EU or with member states, including US firms handling the data of European citizens.

For those within the enterprise, this means that from May 25th this year they will have a legal requirement to notify customers of any data breach within 72 hours. Failure to do so could see businesses fined either €20 million or 4% of their annual global turnover, whichever is greater.

At its core, the GDPR is an attempt by the EU to drive better standards of cybersecurity to provide increased protection for the data of EU citizens being handled by firms. Of course, the new regulations have given those within the boardroom further cause for concern, leaving some businesses feeling overwhelmed. Just last year, Thomson Reuters put the average cost of compliance for global financial organisations at $119M per organisation.

Now, Microsoft wants to assist firms with compliance by providing new GDPR-friendly tools to aid with the transition. The thinking from Redmond is that rather than just being seen as a regulatory requirement, the GDPR can be harnessed as an opportunity to strengthen relationships with customers, as well as enhancing collaboration and productivity as far as employees are concerned.

Here’s how Microsoft is helping businesses to meet the GDPR:

Microsoft is offering Compliance Manager for Azure, Dynamics 365 and Office 365 Business and Enterprise users using public clouds – grouping the services as Microsoft 365. This solution enables enterprises to perform periodic risk assessments in order to check whether they are compliant with the GDPR and other regulations.

Alongside this, Compliance Score, a feature within Compliance Manager, enables businesses to continually assess their compliance performance via a series of risk assessments on Microsoft cloud services that provide a score based on the ability to comply with the GDPR.

Another feature, Azure Information Protection scanner, allows for the protection of sensitive data on-premises by allowing you to set up policies that enable the automatic discovery, classification and protection of documents both in file servers and on-premises SharePoint servers.

When coupled with Azure Information Protection (AIP), firms can feel confident that data is securely classified as it travels across devices, applications and cloud services, thereby protecting sensitive files and emails.

Furthermore, enterprises can ensure that confidential files and information remain within the confines of the corporate network by using Microsoft Cloud App Security (MCAS) to read any such files labelled by AIP and set policies based on these. The service also covers any sensitive files in cloud apps, automatically applying these labels for encryption and protection.

In addition, with the ability to automatically classify personal data being a critical part of GDPR compliance, Microsoft has already deployed over 80 out-of-the-box sensitive information types that firms can use to detect and classify data. These will soon be followed by a GDPR sensitive information type template that will enable firms to effectively consolidate everything into a single template, detecting and classifying personal data relevant to the GDPR.
