The General Data Protection Regulation (GDPR) affects more organizations that you’d expect. This sweeping new law applies to all companies that collect and process data belonging to European Union (EU) citizens, even if this is done outside of the EU. Preparing your Microsoft IT to be compliant with these new regulations taking into effect May 25, 2018 can be done within five-steps.
To prepare for GDPR, organizations and IT need to use this five-step process in evaluating their roadmap to make their Microsoft environment compliant with the revised privacy rights.
1. Understanding the Law
It’s important to know your organization’s obligations under GDPR as it relates to collecting, processing, and storing data, including the legislation’s many special categories. For Canadian organizations, knowing the slight differences between Canada’s Privacy Laws and GDPR’s requirements can reduce the burden of completely reorganizing your organization’s data compliance structure.
2. Assess your Readiness with this GDPR Assessment
Perform a data discovery of your current infrastructure and what is currently protected. Assess your readiness with this GDPR Assessment
3. Know which data is regulated and how
Know where your organization lapses in security and infrastructure development? Perform data discovery on the following platforms. Classify who has access to different types of data, who shares the data and what applications process that data.
The following is taken from Microsoft’s Beginning your General Data Protection Regulation Journey
Azure
As Azure is an open and flexible cloud platform, it includes a service to help make data sources easily discoverable and identifiable. The Microsoft Azure Data Catalog is a fully managed cloud service that serves as a system of registration and system of discovery for your organization’s data sources. In other words, Azure Data Catalog is all about helping you discover, understand, and use data sources to get more value from your existing data. Once a data source has been registered with Azure Data Catalog, its metadata is indexed by the service so that you can easily search to discover the data you need.
Dynamics 365
Dynamics 365 provides several visibility and auditing capabilities that can be used through the Reporting & Analytics dashboards of Dynamics 365 to identify personal data:
- Dynamics 365 includes a Report Wizard that you can use to easily create reports without using XML or SQL-based queries.
- Dashboards in Dynamics 365 provide an overview of business data—actionable information that’s viewable across your organization.
- Microsoft Power BI is a self-service business intelligence (BI) platform you can use to discover, analyze, and visualize data, and share or collaborate on these insights with colleagues.
Enterprise Mobility Suite
There are several specific Office 365 solutions that can help you identify or manage access to personal data:
- Data Loss Prevention (DLP) in Office and Office 365 can identify over 80 common sensitive data types including financial, medical, and personally identifiable information.
- Content search in the Office 365 Security & Compliance Center can search across mailboxes, public folders, Office 365 Groups, Microsoft Teams, SharePoint Online sites, One Drive for Business locations, and Skype for Business conversations.
- Office 365 eDiscovery search can be used to find text and metadata in content across your Office 365 assets—SharePoint Online, OneDrive for Business, Skype for Business Online, and Exchange Online.
- Office 365 Advanced eDiscovery, powered by machine learning technologies, can help you identify documents that are relevant to a particular subject (for example, a compliance investigation) quickly and with better precision than traditional keyword searches or manual reviews of vast quantities of documents. Advanced eDiscovery can significantly reduce cost and effort to identify relevant documents and data relationships by using machine learning to train the system to intelligently explore large datasets and quickly zero in on what’s relevant—reducing the data prior to review.
- Advanced Data Governance uses intelligence and machine-assisted insights to help you find, classify, set policies on, and take action to manage the lifecycle of the data that is most important to your organization.
SQL Server/Azure SQL Database
The SQL language can be used to query databases and to customize tools or services that may help enable this requirement. Search is fully supported through queries, although full trace logging should be done at the application level. The Script task provides code to perform custom functions, such as complex data queries that are not available in the built-in tasks and transformations that SQL Server Integration Services provides. The Script task can also combine functions in one script instead of using multiple tasks and transformations. This product suite also includes powerful business intelligence functionality providing end-user access to data insights.
Windows 10 and Windows Server 2016
To find data within Windows, you can utilize Windows Search to trace and locate personal data on your local machine and any connected devices that you have adequate permissions to access. To enhance the capabilities of Windows Search to locate the target data, you can configure Indexing Options in the Control Panel to customize the capabilities of Windows Search (for example, indexing file contents).
4. Begin with critical data and procedures
Assess the risks to all private data, and review policies and procedures. Apply security measures to production data containing core assets, and then extend those measures to back-ups and other repositories.
5. Appoint Professionally Qualified Officers and Educate
Engage with company policy makers, legal and executives now to ensure there’s a plan in motion. For organizations over 250 users, there must be a professionally qualified officer to review and help educate employees company-wide on:
- Personal Privacy
- Controls and notifications
- Transparent Policies
- IT and Training
Look into Microsoft 365 as a conclusive platform on which to build a profitable set of security and productivity solutions to simplify the task of identifying, classifying, and governing personal data. Learn more about Microsoft 365 and Softlanding’s Managed Services offering.
Resources
Obtain your Office 365 Security Score
Currently using Office 365? Get scored on how well you rank based off your regular activities and security settings. Take the test here.