Accelerate GDPR compliance with the Microsoft Cloud

Henrik Mønsted

Cloud Solutions Architect, Microsoft Denmark

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

1. Data Privacy and regulations like the GDPR

- What does it mean for you?

- Breaking it down into some clear requirements

- Proposing a step-by-step process

2. How Microsoft technologies can help

- Making use of built-in capabilities to meet the requirements

- Introducing the newest innovations that can help!

Providing clarity and consistency for the protection of personal data

Enhanced personal privacy rights

Increased duty for protecting data

Mandatory breach reporting

Significant penalties for non-compliance

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.

Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

What are the key changes with the GDPR?

Personal privacy

Individuals have the right to:

• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data

Controls and notifications

Organizations will need to:

• Protect personal data using appropriate security
• Notify authorities within 72 hours of breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing

Transparent policies

Organizations are required to:

• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies

IT and training

Organizations will need to:

• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts

Our commitment to you

To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, 2018.

We will share our experience in complying with complex regulations such as the GDPR.

Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

Leverage guidance from experts

Simplify your privacy journey

GDPR Compliance

Uncover risk & take action

How do I get started?

1. Discover: Identify what personal data you have and where it resides

2. Manage: Govern how personal data is used and accessed

3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches

4. Report: Keep required documentation, manage data requests and breach notifications

Discover:

In-scope:

Inventory:

Example solutions

• Microsoft Azure: Microsoft Azure Data Catalog
• Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
• Dynamics 365: Audit Data & User Activity; Reporting & Analytics
• Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
• SQL Server and Azure SQL Database: SQL Query Language
• Windows & Windows Server: Windows Search

Manage:

Data governance:

Data classification:

Example solutions

• Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Security Concepts
• Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
• Windows & Windows Server: Microsoft Data Classification Toolkit

• Classification and labelling
• Encryption and rights management
• Intuitive, one-click process
• Detailed tracking and reporting

Built-in Azure, no setup required

Automatically discover and monitor security of Azure resources

Gain insights for hybrid resources

Easily onboard resources running in other clouds and on-premises

Report:

Record-keeping:

Reporting tools:

Example solutions

• Microsoft Trust Center: Service Trust Portal
• Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Reporting & Analytics
• Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
• Windows & Windows Server: Windows Defender Advanced Threat Protection

The Service Trust Platform (STP) is a companion feature to the Microsoft Trust Center, and allows you to:

• Access audit reports across Microsoft cloud services on a single page.
• Access compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance with various regulations.
• Access trust documents to help you understand how Microsoft cloud services help protect your data.

servicetrust.microsoft.com

Compliance manager

Manage your compliance from one place

• Real-time risk assessment: An intelligent score shows your compliance posture against evolving regulations
• Actionable insights: Recommended actions to improve your data protection capabilities
• Simplified compliance: Streamlined workflow and audit-ready reports

Enabling GDPR compliance in Health

Azure Data Catalog/Azure App Catalog will help discover patient and health data across your applications, tools and databases.

Microsoft Azure provides a secure and robust platform to store patient and health data. Utilize pseudonymizing and encryption capabilities to increase security and reduce exposure to risk.

Windows 10 prevents unauthorized apps from accessing health and patient data, and health professionals from leaking data with copy and paste protection.

Compliance Manager helps assess and track data protection and compliance posture and get actionable insights to improve. With an intelligent score, customers can better understand their compliance posture against regulatory standards.

Discover Manage Protect Report

Service Trust Platform provides access to audit reports and compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance.

Existing compliance approaches and attestations already in alignment with the GDPR provide a good foundation to start from.

Identity and Access Management and Conditional Access can help manage access to data across platforms, whether in the cloud, on premises or in a hybrid environment.

GDPR @Microsoft

• https://www.microsoft.com/GDPR

• https://www.gdprbenchmark.com/

SQL and GDPR Guide

BRK3241 Secure your data in Azure SQL Database and SQL Data Warehouse

BRK3087 Azure SQL Database: The world's first intelligent cloud database service

BRK2230 What's new with Azure SQL Database: Focus on your business, not on the database

THR2024 Practical tips and considerations by industry experts on how to become GDPR compliant