GDPR, or General Data Protection Regulation, takes effect on May 25, 2018. It succeeds the existing European Union data protection rules (the 1995 Data Protection Directive) and follows the same broad principles, but strengthens individuals' rights over their personal data. It imposes new obligations on any organization that collects, handles or analyses the personal data of EU residents, whether that organization is located in the EU or outside it.
GDPR was adopted in April 2016, but because of the significant changes organizations will need to make to align with the regulation, a two-year transition period was included before it becomes enforceable.
GDPR revolves around six fundamentals:
- Requiring transparency on the handling and use of personal data;
- Limiting personal data processing to specified, legitimate purposes;
- Limiting personal data collection and storage to intended purposes;
- Enabling individuals to correct or request deletion of their personal data;
- Limiting the storage of personally identifiable data for only as long as necessary for its intended purpose;
- Ensuring personal data is protected using appropriate security practices.
Microsoft simplifies the GDPR principles for Office 365 by focusing on the four key steps:
- Discover – Identify what personal data you have and where it resides.
- Manage – Govern how personal data is used and accessed.
- Protect – Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Report – Execute on data requests, report data breaches, and keep required documentation.
There are tools in Office 365 that can help you to address the requirements of GDPR, which will be discussed in later parts of this series.
GDPR applies to organizations of all sizes and all industries within the EU, as well as to organizations located in other parts of the world, such as the US. Any organization that offers goods or services to EU residents, or monitors their behavior, will be affected.
Image source: Beginning your General Data Protection Regulation (GDPR) journey for Windows Server, Microsoft, September 2017
Organizations found not to be in compliance with GDPR can be fined up to €20 million or four percent of the organization's annual global turnover, whichever is higher.
This blog is going to start a series covering the Office 365-specific topics below and what you can do to prepare:
- Office 365 Secure Score: Office 365 Secure Score is a security analytics tool that calculates your tenant's security score from its existing security settings and user behaviors and compares it to a baseline asserted by Microsoft. It is available to Office 365 admins in the Security & Compliance administrator console.
- Advanced Data Governance: Intelligence and machine-assisted insights to help you find, classify, set policies on, and take steps to manage the data most important to your organization.
- Advanced eDiscovery: Process data quickly and easily with built in tools and machine learning technologies.
- Data Loss Prevention: Identify sensitive data from financial to medical and configure actions to protect it.
- Advanced Threat Protection: Help protect email against real time attacks, prevent phishing and stop new malware that hasn’t been defined in antivirus software.
- Advanced Threat Management: Identify high-risk usage, alert you to a potential breach, and track high-risk actions.
- And more…
Ryan Williams | Practice Manager