Have questions on GDPR? We have the answers for you in a weekly series. In this blog, learn how to maintain compliance.
If your data resides in Office 365, you could start using tools you may already own to comply with GDPR.
Security & Compliance Center
The Security & Compliance Center offers many features to discover and protect your data. A GDPR dashboard helps you understand the regulation and includes tools to help you maintain compliance.
- Tools to help with GDPR section offers various tools to help you on your journey of becoming GDPR compliant. These tools help discover, govern, protect and monitor personal data in your organization.
- Ramp up on GDPR section provides general information and a quick overview of some of the Office 365 tools you can use to become GDPR compliant.
- Data subject requests (DSR) and report sections to provide you tools to create a special type of Office 365 eDiscovery case holding a content search designed to retrieve the information for a data subject. The reporting section provides you the ability to quickly glance at the number of active and closed cases for the past 60 days.
Compliance Manager
Microsoft’s Compliance Manager provides a good overview and the tools to track, implement and manage controls. Use it to help your organization stay compliant with GDPR.
Each section of the dashboard provides you with the ability to assess and perform actions to help you reach your compliance goals.
Let’s take a brief look at the Office 365 – GDPR section. It’s divided into two control areas – those that are Microsoft-managed and controls that you manage.
Controls you will need to manage to include:
- Conditions for collection and processing
- Data protection
- Sharing, transferring, and disclosure
- Rights of individuals
- Security
Each of these controls includes a description of related GDPR articles.
Conclusion
Just because it’s gone into effect, doesn’t mean you no longer have to worry about GDPR compliance.
The new regulations will have an ongoing impact to the way IT organizations manage data across all systems. Over time, implementing GDPR’s privacy and security controls will become more widely and, eventually, generally accepted business practices.
Organizations that have yet to begin a GDPR-readiness program are likely to face an even bigger surprise in the following months and perhaps even years as they scramble through a disruptive and costly effort.