Microsoft Azure and Office 365 Get Improved GDPR Compliance Tools
Microsoft announced new tooling enhancements to help businesses that are currently using Office 365 and Azure services.
As the European Union's General Data Protection Regulation (GDPR) requirements are set to become active on May 25, 2018, Microsoft announced new tooling enhancements to help businesses that are currently using Office 365 and Azure services.
The GDPR is a data privacy law that stipulates how the data of EU residents should be handled by organizations and even applies to organizations located outside the EU. In GDPR lingo, the organization is known as a "data controller." Individuals can request information from data controllers about stored data, and ask that it be modified or deleted. There are stiff fines for data privacy violators, up to €20 million or 4 percent of a data controller's annual revenue turnover, whichever is greater.
Microsoft is promising that its services will be GDPR compliant by the May 25 deadline, and it has spun out a bunch of tools for organizations using its services to also stay in compliance with the GDPR. Some of the tools supporting GDPR compliance include:
Last week, Microsoft announced that it released a preview of a new Data Subject Access Request interface in the Security and Compliance Center via a new tab addition, as well as in the Azure Portal.
The Data Subject Access Request interface is also available in the Service Trust Portal, according to an announcement by the Microsoft 365 team. The Service Trust Portal also has new "Breach Notification" documentation. The portal will be getting a "Data Protection Impacts Assessments" section in coming weeks, according to this Microsoft Tech Community post.
A Data Subject Access Request gets carried out by an organization when a person makes a request, such as to provide the data that's been stored or to delete or modify the data. The individual can also request that the data be provided in an electronic format that can be "moved another data controller," according to Microsoft.
The new Data Subject Access Request interface preview lets organizations perform a search for "relevant data across Office 365 locations." It will search across "Exchange, SharePoint, OneDrive, Groups and now Microsoft Teams." It exports the data for review "prior to being transferred to the requestor," Microsoft explained.
The Data Subject Access Request interface preview also works with Microsoft's Advanced Data Governance service, so it can be event based. Here's how the Office 365 team explained the matter:
One DSR scenario an organization may encounter is when a departing employee requests that their data is provided to them. To help with this scenario and others like it, the Event-based retention feature of Advanced Data Governance is now generally available for Office 365 E5 customers.
Microsoft is promising that the Data Subject Access Request capabilities will be out of preview before the May 25 deadline. Microsoft is also promising that IT pros will be able to "execute DSRs against system-generated logs."
Kurt Mackie is senior news producer for 1105 Media's Converge360 group.