What’s this GDPR thing about and why does it matter to me?
Be prepared for this required, global regulatory compliance mandate by enabling Microsoft 365 compliance controls.
How companies across the globe approach data security and compliance is about to shift dramatically this upcoming May, and chances are your company will be one of the enterprises affected by these new rules and regulations. Luckily, Microsoft 365 GDPR compliance controls will make this shift much easier for enterprise companies everywhere.
With the European Union’s General Data Protection Regulation (or GDPR), companies must start preparing to protect and enable the personal privacy rights of individuals. So, if you are an organization based outside of the EU and have even one customer in the EU, GDPR applies to you.
Unsure how to keep your enterprise identities secure in the cloud? We can help walk you through Microsoft 365 controls to keep your business secure.
The GDPR establishes strict global privacy requirements governing how you manage and protect personal data while respecting individual choice—no matter where data is sent, processed, or stored. The law imposes new rules on organizations that offer goods and services to individuals in the European Union or on organizations that collect and analyze data tied to EU residents.
Businesses in non-compliance will face significant penalties: fines of up to twenty million euros or four percent of global annual revenue (not profit). Given how much is at stake, you should review your organization’s privacy and data management practices right now so that a strategy can be implemented before GDPR enforcement begins.
Microsoft has set up a framework that leverages the Microsoft 365 platform and its tools and features to guide you through the GDPR compliance journey with four simple steps: Discover, Manage, Protect and Report.
To help you understand how Microsoft will help you, we’ll give you some solutions and examples of features that can help guide you through each step of the framework:
Step 1 Discover
In the Discover step, you’ll need to identify what personal data you have and where it resides. With the Microsoft 365 platform you can use:
- Azure offers features like Azure Data Catalog, a cloud-based service that makes data sources easily discoverable and understandable by the users who manage the data.
- EMS uses Microsoft Cloud App Security, a cloud solution that identifies data in over 13,000 apps from all devices and runs risk assessments and ongoing analytics.
- Office 365 provides Data Loss Prevention (or DLP) features that can help you identify and monitor many categories of sensitive information.
Step 2 Manage
In the Manage step, you must govern how personal data is used and accessed within your organization.
- Azure provides Azure Active Directory, an identity and access management solution in the cloud that manages, identifies, and controls access to resources, data, and applications.
- Office 365 uses Advanced Data Governance to help find, classify, set policies on, and take action to manage the lifecycle of data.
- EMS has Azure Information Protection, a cloud-based solution that helps an organization to classify, label, and protect its documents and emails.
- Windows provides the Microsoft Data Classification Toolkit, which helps classify data and easily manage access controls.
Step 3 Protect
To achieve the third step, you need to establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Azure features Data Encryption, which secures data with encryption both at rest and in transit between applications.
- EMS utilizes Microsoft Advanced Threat Analytics, which has many protection features, including analyzing and identifying normal and abnormal entity behavior and detecting malicious attacks.
- Office 365 has Mobile Device Management (MDM), which allows you to set up policies to help secure and manage user mobile devices.
- Windows has Device Guard, which combats malware through the authorization and management of applications.
Step 4 Reporting
The final step is to keep required documentation and manage data requests and breach notifications.
- In Azure, you can use Microsoft Azure Monitor to easily view and manage data monitoring tasks, detailed performance and utilization data, and activity logs.
- EMS has Azure Information Protection, which provides rich logging and reporting to analyze how sensitive data is distributed.
- Office 365 provides audit logs that monitor and track user and administrator activities, which helps with early detection and investigation of security and compliance issues.
- Windows uses Windows Event Log to enable administrators to view logged information about operating systems, applications, and user activities. It also enables admins to forward events from clients and servers to a central location for reporting and auditing purposes.
Microsoft’s 365 platform offers many more solutions and features that can help your company comply with the security changes being made with GDPR. If you’re interested in learning more about these and the other features available that can help you on your journey to GDPR compliance, you can sign up to take our many classes dedicated to helping you navigate your company towards compliance. Sign up at Cybertraining365.com.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The On Demand LMS platform has white-label capabilities ideal for internal training purposes.