GDPR And Microsoft 365: Streamline Your Path To

Transcription

GDPR and Microsoft 365: Streamline your path to compliance

Jan 2018

GDPR: An overview

The General Data Protection Regulation (GDPR) is a new European Union (EU) privacy law that takes effect on May 25, 2018. It is designed to give individuals control over their personal data and is an important effort for protecting individual rights and freedoms. The GDPR applies to any organizations based in the EU and organizations—wherever they are located—that are selling goods and services in the EU or processing personal data of individuals in the EU.

Organizations that are able to comply with GDPR regulations smoothly and readily will strengthen their relationships with customers by protecting the security and privacy of their data, and providing transparency into policies and principles. Additionally, the robust data management capabilities required to achieve compliance can enable businesses to better engage with customers, empower employees, and optimize the creation and delivery of products and services.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We are committed to GDPR compliance across our cloud services and stand behind our promise with contractual commitments for our cloud services.

Empowering customer privacy

Companies that are working to meet GDPR requirements, and who recognize the opportunity that achieving compliance represents, need to consider the overall approach, as well as specific capabilities, when evaluating infrastructure platforms and solutions and the partners who provide them. In terms of high-level criteria, having security features and compliance capabilities integrated within the solution architecture itself, and working with partners who have a robust datacenter capacity will help accelerate your journey. Through both our own compliance journey and helping our customers work towards GDPR compliance, we have identified these three focus areas as key to successfully meeting compliance obligations:

01 Assessing and managing compliance risk
02 Protecting personal data
03 Streamlining processes

01 Assessing and managing compliance risk

GDPR is a perfect example of how compliance requirements can be complex to interpret, difficult to track, and labor-intensive to implement. Assessing and managing your risk environment won’t end when you meet your GDPR obligations—you’ll continue to face new regulations and compliance requirements after the May 2018 deadline. Thus, companies need infrastructure and solutions that enable the ability to assess and manage risk and compliance on an ongoing basis.

To help organizations better understand their compliance posture, we’ve introduced Compliance Manager, a new solution to help you manage your compliance risk from a centralized dashboard. Compliance Manager enables you to conduct a real-time risk assessment of all your Microsoft cloud services, while providing actionable insights to help you streamline compliance processes.

47% of executives were unsure what data compliance standards applied to their organizations

Watch the Compliance Manager Demo video

How do you manage an already complex compliance landscape when standards and regulations are constantly changing?

02 Protecting personal data

Protecting personal data is at the heart of GDPR. These protections are what your customers want, and in fact what they need if they are going to participate fully in the digital economy.

Complying with such far-reaching regulations goes well beyond any collection of point solutions, let alone a single solution. Companies need to think in terms of an infrastructure and solutions platform that will help them meet customer expectations and GDPR obligations across three key solution areas:

Identity and access management
Information protection
Threat protection

Identity and access management

Protecting your organization at the front door is your first line of defense, and that means you need to control who gets in, while also empowering users to be productive using any application (including third-party), on any device, from anywhere.

Addressing the vulnerability of passwords and the productivity impact of multiple credentials on users is key to improving the effectiveness of your first line of defense. For example, we’ve designed our identity and access management solution and technologies to use capabilities such as Multi-Factor Authentication, Conditional Access, Biometric Verification, and Single Sign-On to secure access to devices, apps, and cloud services while simplifying access for users.

How do you manage & protect personal data in a world where:

58% of individuals have accidentally sent sensitive information to the wrong person
81% of corporate breaches involve weak or stolen passwords
300K-new malware samples are created and spread every day

Information protection

Companies need infrastructure and solutions that address four primary elements of successful information protection: detecting sensitive data, both at rest and in transit; classifying sensitive data into distinct categories so that custom controls—such as policies and actions—can be applied; providing appropriate levels of security based on how data has been classified; and lastly, monitoring how sensitive information is used and distributed and being able to respond to unexpected activity or events.

Because you have data being created and shared across boundaries—devices, apps, and cloud services—it’s imperative that you’re able to protect that data throughout its entire lifecycle and across your environment. We’ve developed our information protection solutions to provide an integrated classification, labeling and protection experience, enabling more persistent protection of your data wherever it is—across devices, apps, cloud services and on-premises.

In the spirit of working towards providing a more integrated and unified classification, labeling, and protection model, today we also have a shared labeling schema that will be used across Office 365 and Azure Information Protection. This means that the same default labels will be used across both Office 365 and Azure Information Protection—eliminating the need to create labels in two different places. The common labeling model also helps ensure that sensitive labels—regardless of where they were created—are recognized and understood across Azure Information Protection, Office 365 Advanced Data Governance, Office 365 DLP, and Microsoft Cloud App Security.

Finally, we’ve integrated machine learning capabilities into our information protection solutions—such as Advanced Data Governance and Cloud App Security—to help you automatically classify and set policies to protect your data.

Threat protection

With the increase in number and sophistication of cyberattacks, cyber threats have become a CEO-level issue. Companies need strong defenses across four critical areas of vulnerability: user identity, applications and data, devices, and infrastructure. To better protect these critical areas, we built the Microsoft Intelligent Security Graph, which serves as the connective tissue across Microsoft security solutions.

The Intelligent Security Graph enables our solutions to bring in unified preventative measures that improve the efficiency of protecting, detecting, and responding to security incidents. For example, when we detect a new piece of malware through Office 365 Advanced Threat Protection, we share that information with services like Windows Defender ATP and Advanced Threat Analytics, enabling our solutions to collectively work to protect user identities, apps and data, devices, and infrastructure against advanced persistent threats.

We analyze:

450B authentications per month across our cloud services
400B emails scanned for spam and malware
Over 1B enterprise and consumer devices updated monthly
18B Bing scans per month.

03 Streamline processes

The GDPR is also an opportunity for companies to make sure their compliance program is as efficient as possible. GDPR requires companies to ensure that they can provide customers access to their personal data, which means you must be able to search and quickly identify personal data, export the results, and accurately record the process. A streamlined process benefits the company in terms of productivity while providing a better experience for the customer.

We’ve built audit-ready tools into our solutions, enabling you to streamline your reporting process. For example, Office 365 Content Search, an eDiscovery tool with new and improved scaling and performance capabilities, lets you search for over 80 different sensitive data types as well as create custom types. Content Search lets you run very large eDiscovery searches across Office 365 applications and non-Office 365 data, providing improved consistency and efficiencies.

Choosing a platform you can trust, and verify

We’ve taken a principled approach to building privacy, security, compliance, and transparency into everything we do, which means that they are integrated into the products and services you use every day. We’ve brought the best of Windows 10, Office 365, and Enterprise Mobility Security together into a solution called Microsoft 365, to deliver an integrated, complete solution that empowers everyone to be creative and work together, securely.

The significant investments Microsoft has made in security are realized in several areas through Microsoft 365. First, the Microsoft cloud has the largest certified compliance portfolio, with services architected to be secure by design, the most extensive global datacenter footprint in the industry, a breadth of integrated solutions that leverage AI, as well as our global partner ecosystem.

Learn more about how Microsoft 365 can help you empower your customers’ privacy and achieve GDPR compliance fast.

Learn more about Microsoft 365 and GDPR

© 2018 Microsoft Corporation. All rights reserved. This document is provided “as-is.” Information and views expressed in this document, including URL and other internet website references, may change without notice. You bear the risk of using it. Some examples are for illustration only and are fictitious. No real association is intended or inferred. This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
