Enforcement of the General Data Protection Regulation (GDPR) will begin this May 25th. Are you ready? If not, Microsoft offers some information-protection solutions to help your organization identify, classify, and protect your data. The tools track your adherence to the regulations, ensure you’re able to identify sensitive data, and can prevent that data from escaping your organization via email, etc. While this article focuses on GDPR policy management, the info also applies to other regulations (e.g. HIPAA).
What is GDPR?
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation designed to protect the personally identifiable information of EU citizens. This data includes name, home address, e-mail, and even things like IP addresses and photos. The regulation gives members of the EU the right “to be forgotten,” which means their data must be purged from your system. However, this regulation is not limited only to companies in the EU. U.S. businesses with customers in the EU are also required to comply. Failure to do so may result in a penalty of twenty million Euros, or 4% of your worldwide annual revenue for the prior financial year, whichever is higher.
Getting Started – Security & Compliance Center
To get started, visit the Security & Compliance Center found in your Office 365 tenant. There you’ll find help to get you started setting up your compliance plan and ramping up on the compliance regulations most relevant to you. Given that GDPR is right around the corner, it’s no surprise that GDPR content is front and center.
The Security & Compliance Center offers many additional features to help you find and protect your data from threats of inappropriate content sharing. A GDPR dashboard helps you understand the regulation better and includes some tools to help you maintain compliance.
The “Ramp up on GDPR” section offers information and tools around the four phases of compliance: Discover, Govern, Protect, and Monitor & Respond.
The “Govern” section includes a link to Compliance Manager, which provides an overview of how well your organization is managing its compliance plan. As a service provider, Microsoft is required to assist with your compliance. The GDPR dashboard also computes your Compliance Score, letting you quickly determine whether your organization is doing what it needs to be doing and assign tasks accordingly. As shown in the screenshot below, Microsoft has maintained its 41 GDPR actions, while the sample company hasn’t started or completed any of its 60 actions.
Drilling down into the actions takes the user to the details page, which displays task completion and date of last update.
When expanded, the sections display additional information (e.g. which Office 365 services are covered under the plan, and details around each action). The example below includes an article that Microsoft maintains, its compliance score, the date it was tested, and confirmation that it passed an inspection by a third-party independent auditor.
Actions are displayed further down the page. Users must assign a manager to each action.
Below each item, a “More” link expands to display the details of that action. Users may also enter the Implementation Details, Test Plan, and Management Response.
Further, a form lets users set the priority level and designate a team member responsible for each action item. This person is then notified of their responsibilities.
Once a user has been assigned, the status, implementation status, implementation date, test date, and test results may also be specified.
Once updated, the data appears in the user’s dashboard.
GDPR is a significant new regulation with enforcement beginning May 25th and hefty penalties for noncompliance. This brief introduction should help you start building your compliance plan for GDPR and other regulations. To help you tackle your compliance policies and the tools used to maintain compliance, the Security & Compliance Center and Compliance Manager provide context-specific links to more detailed information. Whether your organization is affected by GDPR or by other regulations, be sure to investigate the tools mentioned above to ensure your compliance. For further help understanding the impact the GDPR will have on your organization, for advice on maintaining compliance, or for more information on the data and device-protection tools available in Office 365, check out our . We’d love to help you out.
SharePoint/Office 365 Architect