Tackling GDPR with Microsoft 365 and Office 365

#AllAccessIT #AllAccessIT Tackling GDPR with Microsoft 365 and Office 365 Andrew Bettany, MVP, Author

Transcript of Tackling GDPR with Microsoft 365 and Office 365

Page 2: Tackling GDPR with Microsoft 365 and Office 365


Live life without regret, believe in your potential, don’t stop!

Andrew Bettany

• IT Masterclasses Ltd – bespoke technical training
• Microsoft Most Valuable Professional since 2012
• Windows User Group
• Microsoft Press Windows Author
• Freelance Trainer / Course Author
• Microsoft Learning Regional Lead for UK
• LinkedIn & Pluralsight Video Author

Specialties: Microsoft 365 | Windows Client | Windows Server | Deployment

[email protected] @andrew_bettany

Page 3: Tackling GDPR with Microsoft 365 and Office 365

Providing clarity and consistency for the protection of personal data

Enhanced personal privacy rights

Increased duty for protecting data

Mandatory breach reporting

Significant penalties for non-compliance

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.

Page 7: Tackling GDPR with Microsoft 365 and Office 365

Providing clarity and consistency for the protection of personal data

BREXIT has no impact on GDPR

Information Commissioner will be the authority in charge in the UK

May 2018 GDPR becomes effective

Data Protection Bill will replace the Data Protection Act 1998

GDPR has direct effect across all EU member states

UK Data Protection Bill implements the General Data Protection Regulation plus additional National Security provisions

Page 8: Tackling GDPR with Microsoft 365 and Office 365

How GDPR defines personal data

Personal data

Any information related to an identified or identifiable natural person including direct and indirect identification.

Examples include:

• Name
• Identification number (e.g., N.I. numbers)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP addresses, device IDs)

Page 9: Tackling GDPR with Microsoft 365 and Office 365

How GDPR defines personal data

Sensitive personal data

Personal data afforded enhanced protections:

• Genetic data (e.g., an individual’s gene sequence)
• Biometric data (e.g., fingerprints, facial recognition, retinal scans)
• Sub categories of personal data including:
    • Racial or ethnic origin
    • Political opinions, religious or philosophical beliefs
    • Trade union membership
    • Data concerning health
    • Data concerning a person’s sex life or sexual orientation

Page 10: Tackling GDPR with Microsoft 365 and Office 365

Key changes needed to address GDPR?

Personal privacy

Individuals have the right to:

• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data

Controls and notifications

Organizations will need to:

• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing

Transparent policies

Organizations are required to:

• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies

IT and training

Organizations will need to:

• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts

Page 11: Tackling GDPR with Microsoft 365 and Office 365

Protecting customer privacy with GDPR

Improved data policies to provide control to data subjects and ensure lawful processing

Stricter control on where personal data is stored and how it is used

Better data governance tools for better transparency, recordkeeping and reporting

What does this mean for my data?

Page 12: Tackling GDPR with Microsoft 365 and Office 365

GDPR Compliance

• Data Classification and Labeling
• Data Protection
• Data Retention
• Audit
• Disposal
• User and Device Protection

Page 13: Tackling GDPR with Microsoft 365 and Office 365

Classification and labelling

Discover personal data and apply persistent labels

Labels are persistent and readable by other systems, e.g. DLP engine

Labels are metadata written to data

Sensitive data is automatically detected

Page 14: Tackling GDPR with Microsoft 365 and Office 365

Information Protection is ALL about Labelling

Payroll

No Personal Identifiable Information

Consumer

Do not delete

Ex Employee

Contains PII

Employee

Bank Details

Page 15: Tackling GDPR with Microsoft 365 and Office 365

Azure Information Protection Demo

Andrew Bettany

Page 16: Tackling GDPR with Microsoft 365 and Office 365

PCs, tablets, mobile

Office 365 Data Loss Prevention

Windows Information Protection & BitLocker for Windows 10

Azure Information Protection

Exchange Online, SharePoint Online, Skype for Business & OneDrive for Business

Highly regulated

Microsoft Intune MDM & MAM for Windows, iOS & Android

Microsoft Cloud App Security

Office 365 Advanced Data Governance

Azure Information Protection

Comprehensive protection of sensitive data across devices, cloud services, and on-premises

Windows 10 | Office 365 | EM+S & Cloud Services

Advanced Device Management

Page 17: Tackling GDPR with Microsoft 365 and Office 365


Microsoft 365 Business

Microsoft 365 Education

Microsoft 365 Enterprise

*Offered on a per user/per month

Page 18: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Business

Security & Compliance Controls

• The most secure and up-to-date version of Office & Windows

• Threat Protection (Virus, Malware) for emails

• Malware and Spyware Detection and Removal

• Virus Detection and Removal, Boot Time Protection

• Data Always encrypted on devices

• 2 Factor authentication needed to access data on PC/Mobile

• Protect data on Mobile Devices (Copy/Paste/Save operations)

• Benchmark your controls with Secure Score

• Gain visibility with the Security & Compliance Center

Page 19: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Business

Office 365 Business Premium

Windows 10 Pro

EM+S*

* Limited Intune and Azure AD Premium features

Microsoft 365 Business £15.10 per user/per month

(Compared to Office 365 Business Premium £9.40 per user/per month)

Small to mid-size businesses for up to 300

Page 20: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Enterprise E3

Identity, Information & Device Protection

• Classification and Labeling

• Multi-Factor Authentication

• Message Encryption and Rights Management

• Tracking, Reporting, and Revoking Privileges

• Advanced Threat Protection: Safe Links, Safe Attachments

• Cloud App Security

Page 21: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Enterprise E3

Office 365 Enterprise E3*

Windows 10 Enterprise E3

EM+S E3

* + On-premises server rights for SharePoint, Exchange, Skype for Business

Microsoft 365 Enterprise E3 £28.00 per user/per month

Page 22: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Enterprise E5

Advanced Compliance & Protection

• Automatically classify, protect & preserve sensitive data

• Shadow IT Detection with Microsoft Cloud App Security

• Real Time Risk based access to corporate network

• Anomalous Attack Detection and Reporting

• Single Sign On to 2700+ non-Microsoft Cloud Apps

• Additional customer access controls for Microsoft support

• Windows Defender Advanced Threat Protection

Page 23: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Enterprise E5

Office 365 Enterprise E5*

Windows 10 Enterprise E5

EM+S E5

Microsoft 365 Enterprise E5 £51.90 per user/per month

* + On-premises server rights for SharePoint, Exchange, Skype for Business

Page 24: Tackling GDPR with Microsoft 365 and Office 365

Microsoft Cloud App Security

Discover and assess risks

Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics

Control access in real time

Manage and limit cloud app access based on conditions and session context, including user identity, device, and location

Detect threats

Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research

Protect your information

Get granular control over data and use built-in or custom policies for data sharing and data loss prevention

Page 25: Tackling GDPR with Microsoft 365 and Office 365

Cloud App Security Demo

Andrew Bettany

Page 26: Tackling GDPR with Microsoft 365 and Office 365

Microsoft 365 Enterprise

| Technology | Benefit | E3 | E5 |
| --- | --- | --- | --- |
| Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ● |
| Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ● |
| Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ● |
| Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ● |
| Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ● |
| Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ● |
| Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ● |

Identity and access management | Managed mobile productivity | Information protection | Threat Detection

Page 27: Tackling GDPR with Microsoft 365 and Office 365

Resources

https://www.microsoft.com/TrustCenter/Privacy/gdpr/default.aspx

https://www.microsoft.com/microsoft-365/business

https://docs.microsoft.com/microsoft-365/business

https://www.microsoft.com/microsoft-365/enterprise

https://www.microsoft.com/cloud-platform/enterprise-mobility-security

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

Page 28: Tackling GDPR with Microsoft 365 and Office 365

Contact [email protected] to discuss:

• Microsoft 365 Technical Training

• GDPR awareness training