Microsoft beefs up compliance support for GDPR
Frank van de Laarschot
- Date: 16 March, 2018
Azure, Dynamics 365, and Office 365 subscribers can now take advantage of the Compliance Manager dashboard, which is designed to track an organisation’s status with regard to regulations or standards, in particular the imminent General Data Protection Regulation (GDPR).
The 25th of May deadline, when the GDPR comes into effect, looms ever larger. When it arrives, companies that do business in Europe will need to ensure that their IT resources and processes adhere to the stringent data privacy regulation or face stiff penalties for non-compliance.
In a welcome move, therefore, Microsoft has announced that its Compliance Manager (which was originally previewed last November) is now generally available for Azure, Dynamics 365 and Office 365 Business and Enterprise subscribers in public clouds.
The Compliance Manager dashboard shows Microsoft’s compliance with its apps and services, but you must also use ‘Customer Controls’ in the dashboard to create a checklist for everything else in your computing environment that’s compliance-related.
Helpfully, there is information, along with tools, that will enable you to conduct self-assessments for your specific responsibilities in meeting regulatory requirements. For example, through Compliance Score – a new feature for Compliance Manager which is available for Office 365 – you can gain visibility into your organisation’s compliance stature with a risk-based score reference.
Compliance Score is based on the operating effectiveness of internal controls managed by both Microsoft and you. Failure to implement different controls will result in different levels of risk. From the detailed information page of each assessment, you can find an assigned risk-based score for each control item and prioritise your tasks, enabling you to make better implementation plans based on the risk involved.
Elsewhere in Compliance Manager you can also assign, track and record your compliance activities, allowing you to collaborate across teams and manage the necessary documents for creating audit reports more easily.
Outside of Compliance Manager there’s further guidance available to help with GDPR compliance through a large partner community that Microsoft has established. These global partners offer a range of Microsoft-based solutions that include an overall set of controls and capabilities to meet GDPR requirements.
In addition, Microsoft plans to provide a GDPR sensitive information type template to help detect and classify personal data relevant to GDPR. This template will help consolidate sensitive data types into a single template – as well as adding several new personal data types to detect (such as addresses, telephone numbers and medical information).
Make sure you and your teams have all the knowledge and skills required for the 25th May 2018.