How Microsoft 365 products help with GDPR compliance

Help with GDPR compliance

GDPR Compliance

Microsoft products and services are available today to help your business meet the GDPR compliance requirements.  Through cloud services and on-premises solutions they will help you to locate and catalog personal data within your systems, build a more secure environment, simplify your managment and monitoring of personal data and give you the tools and resources you need to meet the GDPR reporting and assesment requirements.  Accelerate your path to GDPR compliance today.  To discover how you can achieve GDPR readiness with Microsoft 365 download the following white paper

Microsoft Azure

Microsoft Azure is designed with industry-leading security measures and privacy policies to safegurad your data in the cloud.  It helps ensure that only authorised users can access your computing environments, data and applications.  It allows tools such as multi factor authentication for highly secure sign-in.  Azure AD Privilidged Identity Managment helps you to reduce risks associated with administrative privleges theough access control, managment and reporting.

Azure Information Protection helps ensure that your data is identifiable and secure, a key requirement of the GDPR-regardless of where it’s stored or how it’s shared.  You can label, classify and protecxt new or exsisting data, share it securly both within or outside your organisation, track usage and even revoke access remotely It also includes rich logging and reporting capabilities to monitor the distribution of data and options to manage and control your encryption keys.

Microsoft Enterprise Mobility + Security

Securing and managing personal data is critical to you, your customers, and to complying with the coming requirements of the GDPR. Microsoft designed Enterprise Mobility + Security to safeguard customer data both in the cloud, and on-premises, with industry-leading security capabilities. This includes personal data no matter where it might travel across your users, devices, and apps. Enterprise Mobility + Security offers innovative technology and solutions today that can help you on your journey to reducing risks and achieving compliance with the GDPR.

Microsoft designed Enterprise Mobility + Security with industry-leading security capabilities to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Enterprise Mobility + Security can help you on your journey to reducing risks and achieving GDPR compliance.

The GDPR obligations include discovering what personal data you hold and where it resides, controlling how your users access and use personal data, and establishing security controls to prevent, detect, and respond to vulnerabilities and data breaches.

Enterprise Mobility + Security features identity-driven security technologies that help you discover, control, and safeguard personal data held by your organization, reveal potential blind spots, and detect when data breaches occur:

  • Azure Active Directory (Azure AD) helps you ensure that only authorized users can access your computing environments, data, and applications. It features tools such as Multi-Factor Authentication for highly secure sign-in. Additionally, Azure AD Privileged Identity Management helps you reduce risks associated with administrative access privileges through control, management and reporting of these critical administrative roles.
  • Microsoft Cloud App Security helps you discover all the cloud apps in your environment, identify users and usage, and get a risk score for each app. You can then decide if you’d like your users to access these apps. Cloud App Security then provides visibility, control, and threat protection for the data stored in those cloud apps. You can shape your cloud security posture by setting policies and enforcing them on Microsoft and third-party cloud applications. Finally, whenever Cloud App Security discovers an anomaly, it sends you an alert.
  • Microsoft Intune helps you protect data that may be stored on personal computers and mobile devices. You can control access, encrypt devices, selectively wipe data, and control which applications store and share personal data. Intune can help you inform users about your management choices by posting a custom privacy statement and terms of use. It also gives you the ability to rename or remove devices.
  • Microsoft Azure Information Protection helps ensure that your data is identifiable and secure, a key requirement of the GDPR—regardless of where it’s stored or how it’s shared. You can classify, label, and protect new or existing data, share it securely with people within or outside of your organization, track usage, and even revoke access remotely. Azure Information Protection also includes rich logging and reporting to monitor the distribution of data, and options to manage and control your encryption keys.
  • Microsoft Advanced Threat Analytics helps pinpoint breaches and identifies attackers using innovative behavioral analytics and anomaly detection technologies. Advanced Threat Analytics is deployed on-premises and works with your existing Active Directory deployment. It employs machine learning and the latest user and entity behavioral analytics to help find advanced persistent threats and detect suspicious activities and malicious attacks used by cybercriminals, to help identify breaches before they cause damage to your business.

Microsoft Office and Office 365

Microsoft designed Office and Office 365 with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Office and Office 365 can help you on your journey to reducing risks and achieving GDPR compliance.

One essential step to meeting the GDPR compliance obligations is discovering and controlling what personal data you hold and where it resides. There are many Office 365 solutions that can help you identify or manage access to personal data:

  • Data Loss Prevention (DLP) in Office and Office 365 can identify over 80 common sensitive data types including financial, medical, and personally identifiable information. In addition, DLP allows organizations to configure actions to be taken upon identification to protect sensitive information and prevent its accidental disclosure.
  • Advanced Data Governance uses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organization.
  • Office 365 eDiscovery search can be used to find text and metadata in content across your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online. In addition, powered by machine learning technologies, Office 365 Advanced eDiscovery can help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents.
  • Customer Lockbox for Office 365 can help you meet compliance obligations for explicit data access authorization during service operations. When a Microsoft service engineer needs access to your data, access control is extended to you so that you can grant final approval for access. Actions taken are logged and accessible to you so that they can be audited.

Another core requirement of the GDPR is protecting personal data against security threats. Current Office 365 features that safeguard data and identify when a data breach occurs include:

  • Advanced Threat Protection in Exchange Online Protection helps protect your email against new, sophisticated malware attacks in real time. It also allows you to create policies that help prevent your users from accessing malicious attachments or malicious websites linked through email.
  • Threat Intelligence helps you proactively uncover and protect against advanced threats in Office 365. Deep insights into threats—provided by Microsoft’s global presence, the Intelligent Security Graph, and input from cyber threat hunters—help you quickly and effectively enable alerts, dynamic policies, and security solutions.
  • Advanced Security Management enables you to identify high-risk and abnormal usage, alerting you to potential breaches. In addition, it allows you to set up activity policies to track and respond to high risk actions.
  • Office 365 audit logs allow you to monitor and track user and administrator activities across workloads in Office 365, which help with early detection and investigation of security and compliance issues.

 

To discuss anything in further details do not hesitate to contact us

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply