With the GDPR deadline looming closer everyday, Microsoft has started to apply General Data Protection Regulation (GDPR) to its cloud services.
Microsoft recently announced that they are providing some enhancements to help organizations using Azure and Office 365 services meet GDPR requirements. With these improvements they aim at ensuring that both Microsoft’s services and the organizations benefiting from them will be GDPR-compliant by the law’s enforcement date.
Microsoft tools supporting GDPR compliance are as follows:
- Service Trust Portal, provides GDPR information resources
- Security and Compliance Center in the Office 365 Admin Center
- Office 365 Advanced Data Governance for classifying data
- Azure Information Protection for tracking and revoking documents
- Compliance Manager for keeping track of regulatory compliance
- Azure Active Directory Terms of Use for obtaining user informed consent
Microsoft recently released a preview of a new Data Subject Access Request interface in the Security and Compliance Center and the Azure Portal via a new tab. According to Microsoft 365 team, this interface is also available in the Service Trust Portal. Microsoft Tech Community post also claims that the portal will be getting a “Data Protection Impacts Assessments” section in the coming weeks.
Organizations can now perform a search for “relevant data across Office 365 locations” with the new Data Subject Access Request interface preview. This helps organizations search across Exchange, SharePoint, OneDrive, Groups and Microsoft Teams. As explained by Microsoft, once searched the data is exported for review prior to being transferred to the requestor.
According to Microsoft, the Data Subject Access Request capabilities will be out of preview before the GDPR deadline of May 25th. It also claims that IT professionals will be able to execute DSRs (Data Subject Requests) against system-generated logs.
To know more in detail you can visit Microsoft’s blog post.