As you may well know – or might be reading for the first time – data protection laws will be strengthened next year with the introduction of the General Data Protection Regulation, or GDPR. The regulation, which will aim to both reinforce and unify data protection for all individuals and businesses within the European Union, is expected to be introduced on May 25, 2018. Despite the UK’s decision to withdraw from the EU, the GDPR will still apply to British businesses – so this isn’t something you can afford to ignore.
Staying Compliant with Microsoft
Due to the nature of the new laws, companies around the UK and the rest of Europe will be required to make a number of changes in order to comply with the GDPR. Microsoft have made it clear that they are committed to ensuring they are compliant with the new GDPR by next year, highlighting their focus on implementing the new regulations across their services in 12 months’ time, stating:
“We (Microsoft) believe privacy is a fundamental right. The GDPR is an important step forward to further clarify and enable individual privacy rights and look forward to sharing additional updates how we can help you comply with this new regulation and, in the process, advance personal privacy protections.”
Microsoft’s push to prepare for the GDPR will see them look to cloud services such as Azure and Office 365, as well as Windows and Windows Server. With approximately 160 GDPR requirements ranging from how businesses collect, store and use personal information, to a 72-hour notification for any personal data breaches, there is a lot to do to ensure companies can stay compliant with the new regulations.
To make the process easier, Microsoft have revealed a range of features they will roll out between now and next summer. In order to secure data shared outside companies, be it documents or emails, Microsoft’s Azure Information Protection will provide document tracking and revocation capabilities, allowing the monitoring of sensitive data, and even revoking access if needed.
Another feature set to be introduced is the Office 365 Advanced Data Governance, which will automatically label sensitive data and organise it through classifications. This will allow users to easily set policies for protection, retention or deletion, making the whole process of staying compliant more straightforward. On top of this, a new dashboard will center on security, privacy, and compliance, ensuring users are able to see exactly what steps they need to take to meet the new requirements.
The GDPR will give individuals control over their personal data through a set of “data subject rights,” including the right to:
- Access readily-available information in plain language about how personal data is used
- Access personal data
- Have incorrect personal data deleted or corrected
- Have personal data rectified and erased in certain circumstances (sometimes referred to as the “right to be forgotten”)
- Restrict or object to processing of personal data
- Receive a copy of personal data
- Object to processing of data for specific uses, such as marketing or profiling
To find out more about GDPR and the steps your business needs to take, call us today on 0800 999 3365.