Microsoft has ramped up its compliance efforts in response to business concerns over various compliance regimes, including FedRAMP, ISO and especially the General Data Protection Regulation (GDPR). With GDPR's enforcement date being the 25th of May 2018, compliance is imperative and Microsoft is providing help.
GDPR is by far the most encompassing and digital citizen-centric regulation in existence. It not only covers data in the EU but outside the EU as well. The penalties can be 4% of annual global turnover or just over $23 million, whichever is greater. That should be an incentive for any organization to comply. Then there is the matter of consent. The regulation essentially removes the clever “legalese” from the equation regarding user data. It requires clear and distinguishable language in consent forms.
GDPR establishes guidelines for breach notification, right to access, right to be forgotten, data portability and privacy by design, and requires what it calls a Data Protection Officer. Each of these subjects merits a full exploration on its own but I will simply link you here.
If your organization conducts business anywhere in the European Union (EU) then you will be happy to learn about Microsoft’s Compliance Manager for Microsoft Cloud Services. Compliance Manager is currently in preview but already covers Azure, Dynamics 365 and Office 365. Whilst at the time of this writing Germany, a key market, is not covered under the preview, I am confident that it will be prior to GDPR’s enforcement date.
Compliance Manager divides the controls in two: the controls managed by Microsoft and the controls that rely on the organization.
For those controls that require implementation by the organization, Compliance Manager provides recommended actions to implement them. It even allows the assignment of the task to other admins. It displays the status of a control, which can be marked as implemented, alternative implementation, planned or simply not in scope. The result of a control can be marked as passed, failed low risk, failed medium risk or failed high risk.
Compliance Manager uses role-based access controls to delegate the compliance of controls and tasks. It provides all the information auditors need. The most important portion is a clear status, date, description of the compliance and result of the control. The icing on the cake is the audit-ready reporting that exports reports to Excel with all the details required.
Microsoft Compliance Manager is not going to solve GDPR for every organization. Microsoft clearly states that “Compliance Manager only provides recommendations and should not be interpreted as a guarantee of compliance”. While this is true, it is a step in the right direction for both Microsoft and for organizations to start to get a better handle on regulatory compliance.
Do you want access to the preview? You can get it via the Service Trust Portal. Please try it out and provide Microsoft with feedback. Be vocal; it’s the only way we as a community can voice our concerns and have Microsoft improve their products and services.
Security & Privacy Blog post
Microsoft Compliance Manager Demo Video