Accelerate GDPR compliance with the Microsoft Cloud
Henrik Mønsted
Cloud Solutions Architect
Microsoft Denmark
This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
1. Data Privacy and regulations like the GDPR
- What does it mean for you?
- Breaking it down into some clear requirements
- Proposing a step-by-step process
2. How Microsoft technologies can help
- Making use of built-in capabilities to meet the requirements
- Introducing the newest innovations that can help!
Providing clarity and consistency for the protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations in the European
Union (EU) and those that offer goods
and services to people in the EU, or that
collect and analyze data tied to EU
residents, no matter where they are
located.
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
What are the key changes with the GDPR?
Personal privacy
Individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data
Controls and notifications
Organizations will need to:
• Protect personal data using appropriate security
• Notify authorities within 72 hours of breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
Transparent policies
Organizations are required to:
• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies
IT and training
Organizations will need to:
• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts
Our commitment to you
To simplify your path to compliance, we are committing to
GDPR compliance across our cloud services when
enforcement begins on May 25, 2018.
We will share our experience in complying with complex
regulations such as the GDPR.
Together with our partners, we are prepared to help you
meet your policy, people, process, and technology goals on
your journey to GDPR.
Leverage guidance from experts
Simplify your privacy journey
GDPR Compliance
Uncover risk & take action
How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications
Discover:
In-scope:
Inventory:
Example solutions:
• Microsoft Azure: Microsoft Azure Data Catalog
• Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
• Dynamics 365: Audit Data & User Activity; Reporting & Analytics
• Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
• SQL Server and Azure SQL Database: SQL Query Language
• Windows & Windows Server: Windows Search
Manage:
Data governance:
Data classification:
Example solutions:
• Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Security Concepts
• Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
• Windows & Windows Server: Microsoft Data Classification Toolkit
Classification and labelling
Encryption and rights management
Intuitive, one-click process
Detailed tracking and reporting
Built-in Azure, no setup required
Automatically discover and monitor security of Azure resources
Gain insights for hybrid resources
Easily onboard resources running in other clouds and on-premises
Report:
Record-keeping:
Reporting tools:
Example solutions:
• Microsoft Trust Center: Service Trust Portal
• Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
• Enterprise Mobility + Security (EMS): Azure Information Protection
• Dynamics 365: Reporting & Analytics
• Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
• Windows & Windows Server: Windows Defender Advanced Threat Protection
The Service Trust Platform (STP) is a companion feature
to the Microsoft Trust Center, and allows you to:
• Access audit reports across Microsoft cloud services
on a single page.
• Access compliance guides to help you understand
how you can use Microsoft cloud service features to
manage compliance with various regulations.
• Access trust documents to help you understand how
Microsoft cloud services help protect your data.
servicetrust.microsoft.com
Compliance Manager
Manage your compliance from one place
• Real-time risk assessment: An intelligent score shows your compliance posture against evolving regulations
• Actionable insights: Recommended actions to improve your data protection capabilities
• Simplified compliance: Streamlined workflow and audit-ready reports
Enabling GDPR compliance in Health
Azure Data Catalog/Azure App Catalog will help discover patient and health data across
your applications, tools and databases.
Microsoft Azure provides a secure
and robust platform to store patient and
health data. Utilize pseudonymizing and
encryption capabilities to increase security
and reduce exposure to risk.
Windows 10 prevents unauthorized apps
from accessing health and patient data,
and health professionals from leaking data
with copy and paste protection.
Compliance Manager helps assess and
track data protection and compliance
posture and get actionable insights to
improve. With an intelligent score, customers
can better understand their compliance
posture against regulatory standards.
Discover Manage Protect Report
Service Trust Platform provides access to audit reports
and compliance guides to help
you understand how you can use
Microsoft cloud service features
to manage compliance
Existing compliance approaches
and attestations already in
alignment with the GDPR provide a
good foundation to start from.
Identity and Access Management
and Conditional Access can help
manage access to data across platforms,
whether in the cloud, on-premises or in a
hybrid environment.
GDPR @Microsoft
• https://www.microsoft.com/GDPR
• https://www.gdprbenchmark.com/
SQL and GDPR Guide
BRK3241 Secure your data in Azure SQL Database and SQL Data Warehouse
BRK3087 Azure SQL Database: The world's first intelligent cloud database service
BRK2230 What's new with Azure SQL Database: Focus on your business, not on the database
THR2024 Practical tips and considerations by industry experts on how to become GDPR compliant