With the General Data Protection Regulation (GDPR) taking effect, today marks a milestone for individual privacy rights. We live in a time where digital technology is profoundly impacting our lives, from the way we connect with each other to how we interpret our world. Central to this digital transformation is the ability to store and analyze massive amounts of data to generate deeper insights and more personal customer experiences. This helps all of us achieve more than ever before, but it also leaves an extensive trail of data, including personal information and sensitive business records that need to be protected.

At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. Trust is at the core of everything we do because we have long appreciated that people won’t use technology they don’t trust. We also believe that privacy is a fundamental human right that needs to be protected. As Julie Brill, Microsoft privacy lead, notes in her recent blog, Microsoft believes GDPR establishes important principles that are relevant globally.

In addition to our ongoing commitment to privacy, we made a number of investments over the last year to support GDPR and the privacy rights of individuals. Here is a recap of how you can use these capabilities to help your organization on the path to GDPR compliance.

Assess and manage compliance risk

Because achieving organizational compliance can be very challenging, understanding your compliance risk should be your first priority. Customers have told us about their challenges with the lack of in-house capabilities to define and implement controls and inefficiencies in audit preparation activities.

The Compliance Manager and Compliance Score helps you continuously monitor your compliance status. Compliance Manager captures and provides details for each Microsoft control, which has been implemented to meet specific requirements, including implementation and test plan details, and management responses if necessary. It also provides recommended actions your organization can take to enhance data protection capabilities and help you meet your compliance obligations.

Here’s a look at how Microsoft 365 customer Abrona uses Compliance Manager:

Protect personal data

At its core, GDPR is all about protecting the personal data of individuals—making sure there is proper security, governance, and management of such data to help prevent it from being misused or getting into the wrong hands. To help ensure that your organization is effectively protecting personal data as well as sensitive content relevant to organizational compliance needs, you need to implement solutions and processes that enable your organization to discover, classify, protect, and monitor data that is most important.

The information protection capabilities within Microsoft 365, such as Office 365 Data Governance and Azure Information Protection, provide an integrated classification, labeling, and protection experience—enabling more persistent protection of your data—no matter where it lives or travels. A proactive data governance strategy of classification of personal and sensitive data enables you to respond with precision when you need to find the relevant data to satisfy a regulatory request or requirement like a Data Subject Request (DSR) as a part of GDPR.

Azure Information Protection scanner addresses hybrid and on-premises scenarios by allowing you to configure policies to automatically discover, classify, label, and protect documents in your on-premises repositories such as the File Servers and on-premises SharePoint servers. You can deploy the scanner in your own environment by following instructions in this technical guide.

Azure’s fully managed database services, like Azure SQL Database, help alleviate the burden of patching and updating the data platform, while bringing intelligent built-in features that help identify where sensitive data is stored. New technologies, like Azure SQL Data Discovery and Classification, provide advanced capabilities for discovering, classifying, labeling, and protecting the sensitive data at the database level. Protect personal data with technologies like Transparent Data Encryption (TDE) that offer Bring Your Own Key (BYOK) support with Azure Key Vault integration.

Let’s take a look at how Microsoft 365 customer INAIL leverages Azure Information Protection to classify, label, and protect their most sensitive data:

Respond with confidence

Ensuring processes are in place to efficiently manage and meet certain GDPR requirements, such as responding to DSRs or responding to data breaches, is a tough hurdle for many organizations.

To help you navigate the GDPR resources provided across cloud services, we introduced the Privacy tab in the Service Trust Portal last month. It provides you with the information you need to prepare for your own Data Protection Impact Assessments (DPIAs) on Microsoft Cloud services, the guidance for responding to DSRs, and the information about how Microsoft detects and responds to personal data breaches and how to receive notifications directly from Microsoft.

Watch the new Mechanics video to learn more about the GDPR resources in the Service Trust Portal.

Features to support DSRs

Several features help support DSRs across Microsoft Cloud services, including a Data Privacy tab in Office 365, an Azure DSR portal, and new DSR search capabilities in Dynamics 365.

The new Data Privacy tab, GDPR dashboard, and DSR experience in Office 365 are now generally available for all commercial customers. This experience is designed to provide you with the tools to efficiently and effectively execute a DSR for Office 365 content—such as Exchange, SharePoint, OneDrive, Groups, and now Microsoft Teams.

As Kelly Clay of GlaxoSmithKline says, “The GDPR 2016/679 is a regulation in E.U. law on data protection and privacy for all individuals within the European Union. GDPR also brings a new set of ‘digital rights’ for E.U. citizens in an age of an increase of the economic value of personal data in the digital economy. GDPR will require large data holders and data processors to manage DSRs, and organizations will need tools in Office 365 to manage DSRs.”

Patrick Oots of the law firm Shook, Hardy & Bacon observes his client organizations and their steps towards GDPR. “We are excited to see Microsoft investing in Office 365. As our clients prepare for GDPR, we see tremendous value in tools within the Data Privacy Portal to manage DSRs in response to Article 15. As data privacy law evolves, we remind our Office 365 clients of the overall importance in the proper implementation of information governance polices within the Security & Compliance Center to minimize risk.” Patrick further highlights how a proactive data governance strategy can help organizations react to regulations such as GDPR with precision when required.

The Azure DSR portal is now also generally available. Using the Azure DSR portal, tenant admins can identify information associated with a user and then correct, amend, delete, or export the user’s data. Admins can also identify information associated with a data subject and will be able to execute DSRs against system-generated logs (data Microsoft generates to provide a given service) for Microsoft Cloud services. Other new offerings from Azure include the general availability of Azure Policy, Compliance Manager for Azure GDPR, and the Azure Security and Compliance Blueprint for GDPR.

Learn more by reading the Azure blog post on GDPR features.

To help customers respond to DSRs in Dynamics 365, we have two search capabilities: Relevance Search and the Person Search Report. Relevance Search gives you a fast and simple way to find what you are looking for, and is powered by Azure Search. The Person Search Report offers a prepackaged set of extendible entities, which Microsoft authored, to identify personal data used to define a person and the roles they might be assigned to.

You can learn more in the Dynamics 365 blog post.

The new Windows Privacy hub converges related content about Windows privacy on docs.microsoft.com. Here you can find new guidance to help IT decision makers get ready for GDPR, a list of Windows 10 services configuration settings used for personal data privacy protection, understand Windows diagnostic data, and much more.

Handling data breaches

The onset of GDPR also means stricter regulations that organizations must adhere to in the event of a data breach. Microsoft 365 has a robust set of capabilities, from Office 365 Advanced Threat Protection (ATP) to Azure ATP, that can help protect against and detect data breaches.

Get started today on your GDPR journey with Microsoft

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights and provide GDPR related assurances in our contractual commitments.

No matter where you are in your GDPR efforts, we are here to help on your journey to GDPR compliance. We have several resources available to help you get started today:

• Download our free white paper and e-book.
• Take our free online GDPR assessment.
• Find a GDPR partner.

Learn more about how Microsoft can help you with the GDPR.

The post Safeguard individual privacy rights under GDPR with the Microsoft intelligent cloud appeared first on Microsoft 365 Blog.

Despite these concerns, only 41 percent of SMBs say they have the ability to remotely remove data from a lost or stolen device, and only half said they use email encryption—two capabilities considered essential by larger enterprises. SMBs say they lack the expertise to implement sophisticated IT solutions, which many of them see as unaffordable and too complex. You can explore the survey data further in our interactive infographic below.

Microsoft 365 Business—built for SMBs

To further protect SMBs from cyberthreats and safeguard sensitive information, today we’re announcing the addition of advanced security features in Microsoft 365 Business, which gives businesses with up to 300 employees an affordable, comprehensive solution for empowering employees and safeguarding business data. Microsoft 365 Business includes Office 365 for productivity and collaboration, plus device management and security capabilities to protect company information across the devices people use for work. Now we’re adding new ways to protect against phishing and ransomware and prevent unintentional leaks of business data.

SMB security survey—interactive infographic

Protect your employees from phishing and ransomware

Cyber criminals use phishing and ransomware attacks to get people to download viruses and malware or unwittingly give out sensitive information. These attacks can cause significant issues for a business, ranging from loss of customer trust to financial woes.

To help bolster your defenses against phishing, malware, and viruses, Microsoft 365 Business now includes advanced protection from cyberthreats, including:

• Sophisticated scanning of attachments and AI-powered analysis to detect and discard dangerous messages.
• Automatic checks of links in email to assess if they are part of a phishing scheme and prevent users from accessing unsafe websites.
• Device protection to prevent devices from interacting with ransomware and other malicious web locations.

Prevent unintentional leaks of business data

Most SMBs handle sensitive information, with over half collecting and storing social security numbers, and 29 percent handling bank account details. Preventing unintentional leaks of these types of sensitive information can be a challenge, despite the best efforts and good intentions of employees.

To help you protect your sensitive business data, we’re adding the following capabilities to Microsoft 365 Business:

• Data loss prevention policies to identify, monitor, and protect sensitive information such as social security and credit card numbers.
• Information protection in Outlook to let you and your employees manage access to sensitive data in emails. For example, you can set encryption rules to prevent an email from being forwarded, copied, or pasted into other programs.
• Email archiving and preservation policies to help ensure data is properly retained with continuous data backup and compliance.
• The ability to enforce BitLocker device encryption on all Windows devices to help protect against data theft or exposure if a protected device is lost or stolen.

Microsoft 365 Business also offers industry-leading privacy protections. You remain the sole owner of your data, with controls over who in your business can access which data.

Comprehensive protection in a single subscription

CEO of Solace IT Solutions, Chris Oakman, works with SMBs to help them get up and running with the right technology. He says it doesn’t have to be complicated and expensive to keep your team productive and your business data secure.

“I work with a lot of small businesses that have historically had to pay for individual security services like spam filtering and anti-phishing,” said Oakman. “For these businesses, Microsoft 365 Business could save them up to $3,000 per year while including these and many other data protection capabilities in a more integrated way.”

With the addition of these new capabilities, Microsoft 365 Business offers your business a complete solution for productivity, security, and device management. Watch this video to learn how iSalon Software, a U.K.–based developer of software solutions for hair salons, uses Microsoft 365 Business to be more productive and secure:

Learn more

The threat protection, archiving, and information protection features are available to new Microsoft 365 Business customers and will roll out to existing customers over the next few weeks. Data loss prevention and support for features dependent on the Office desktop applications will roll out in the coming months. Read our support article for Microsoft 365 Business to learn more about how to enable the security enhancements.

Microsoft is committed to helping empower and safeguard SMBs across the globe. To learn more about how Microsoft 365 Business can help your business, take a guided tour. You can also contact your Microsoft Partner, or visit a Microsoft Store to sign up for a Microsoft 365 Business: Safe and Secure or Cybersecurity for Small Business free in-store workshop.

The post Safeguard your business with new security features for Microsoft 365 Business appeared first on Microsoft 365 Blog.