{"id":463,"date":"2017-06-07T10:43:54","date_gmt":"2017-06-07T10:43:54","guid":{"rendered":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/industry\/2017\/06\/07\/manage-gdpr\/"},"modified":"2018-11-22T15:20:27","modified_gmt":"2018-11-22T15:20:27","slug":"manage-gdpr","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-gb\/industry\/blog\/cross-industry\/2017\/06\/07\/manage-gdpr\/","title":{"rendered":"Manage: Govern how personal data is used and accessed"},"content":{"rendered":"
The GDPR provides data subjects\u2014individuals to whom data relates\u2014with more control of how their personal data is captured and used. Data subjects can, for example, request that your organisation shares data that relates to them, transfer their data to other services, correct mistakes in their data, or restrict certain data from further processing in certain cases. In some cases, these requests must be addressed within fixed time periods.<\/p>\n
In order to satisfy your obligations to data subjects, you will need to understand what types of personal data your organisation processes, how, and for what purposes. The data inventory discussed previously is a first step to achieving this understanding. Once that inventory is complete, it is also important to develop and implement a data governance plan. A data governance plan can help you define policies, roles, and responsibilities for the access, management, and use of personal data, and can help you ensure your data handling practices comply with the GDPR. For example, a data governance plan can give your organisation confidence that it effectively respects data subject demands to delete or transfer data.<\/p>\n
To support your data governance strategy, the Microsoft cloud services are developed using the Microsoft Privacy-by-Design and Privacy-by-Default methodology. When you entrust your data to Azure, Office 365 or Dynamics 365, you remain the sole owner: you retain the rights, title and interest in the data you store in the services.<\/p>\n
Microsoft cloud services take strong measures to help protect your customer data from inappropriate access or use by unauthorised persons, as detailed in the Microsoft Trust Center<\/a>. These measures include restricting access by Microsoft personnel and subcontractors and carefully defining requirements for responding to government requests for customer data. However, you can access your own customer data at any time and for any reason.<\/p>\n In addition, we redirect government requests for your data so that they are made directly to you, unless legally prohibited, and we have challenged government attempts to prohibit disclosure of such requests in court.<\/p>\n To help ensure Microsoft cloud services are managed correctly and to provide assurances to our customers, the cloud services are audited at least annually against several global data privacy standards, including HIPAA and HITECH, CSA STAR Registry and several ISO standards. These reports are accessible here<\/a>. Beyond these commitments, we provide you with the necessary control to ensure you know how data is managed and who has access to what data within your organisation.<\/p>\n Azure <\/strong><\/p>\n Azure Active Directory<\/a> is an identity and access management solution in the cloud. It manages identities and controls access to Azure, on-premises and other cloud resources, data and applications. With Azure Active Directory Privileged Identity Management, you can assign temporary, Just-In-Time (JIT) administrative rights to eligible users to manage Azure resources.<\/p>\n Azure Role-Based Access Control (RBAC)<\/a> helps you manage access to your Azure resources. This enables you to grant access based on the user\u2019s assigned role, making it easier to grant only the required permissions that users need to perform their jobs. 
You can customise RBAC per your organisation’s business model and risk tolerance.<\/p>\n Read more: Download the white paper on how Microsoft Azure can help your organisation become compliant with the GDPR<\/a><\/p>\n Office 365 <\/strong><\/p>\n Office 365 solutions have several features that can help you manage personal data:<\/p>\n Data classification is an important part of any data governance plan. Adopting a classification scheme that applies throughout your organisation can be particularly helpful for responding to data subject requests, because it enables you to identify and process personal data requests more readily.<\/p>\n Today, we provide guidance and tools to help you work through the complexities of data classification.<\/p>\n Azure <\/strong><\/p>\n The Data Classification whitepaper<\/a> provides specific guidance for data classification for Azure and walks you through the principles behind data classification techniques, the process, terminology and implementation. The documentation contains a wealth of other information and links.<\/p>\n Dynamics 365 <\/strong><\/p>\n The Dynamics 365 (online) security and compliance planning guide<\/a> provides comprehensive guidance on understanding the key compliance and security considerations associated with planning for a deployment of Dynamics 365 (online) in environments that include enterprise directory integration services such as directory synchronisation and single sign-on. It includes information on data privacy and confidentiality policies, data classification and impact.<\/p>\n Enterprise Mobility + Security (EMS) <\/strong><\/p>\n Azure Information Protection<\/a> can help you classify and label your data at the time of creation or modification. Protection (encryption plus authentication plus use rights) or visual markings can then be applied to sensitive data. 
Classification labels and protection are persistent, travelling with the data so that it\u2019s identifiable and protected at all times\u2014regardless of where it\u2019s stored or with whom it\u2019s shared.<\/p>\n Read more: Download the white paper on supporting your EU GDPR compliance journey with Microsoft EMS<\/a><\/p>\n Office and Office 365 <\/strong><\/p>\n Windows and Windows Server<\/strong><\/p>\n The Microsoft Data Classification Toolkit<\/a> for Windows Server 2012 R2 provides sample search expressions and rules that you can use to assist compliance activities conducted by your organisation’s IT professionals, auditors, accountants, attorneys and other compliance professionals.<\/p>\n Next step: Protect<\/a> Find out how to manage your GDPR obligations, including understanding what types of personal data your organisation processes, how and for what purposes.<\/p>\n","protected":false},"author":223,"featured_media":1210,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"categories":[1,141,142,143,144,145],"post_tag":[],"content-type":[],"coauthors":[24],"class_list":["post-463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cross-industry","category-financial-services","category-government","category-health","category-manufacturing","category-retail"],"yoast_head":"\n\n
Data classification<\/h2>\n
\n
\nFind out more at a GDPR cloud workshop<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"