GDPR compliance with Microsoft
As of May 2018, all companies in Europe must be fully compliant with the new European General Data Protection Regulation (GDPR). This legislation, known in the Netherlands as the AVG (Algemene Verordening Gegevensbescherming), has a significant impact on existing processes and systems. In this blog, we discuss key aspects of GDPR and how Microsoft technology can help us comply with these regulations.

What is the General Data Protection Regulation?

The GDPR is a set of guidelines that have been in effect in every European country since May 25, 2018.
These rules are designed to secure the storage and processing of personal data and safeguard the privacy of individuals. The legislation comes in response to several major data breaches in the past, such as Uber’s concealment of a data breach involving 57 million accounts. The GDPR aims to prevent such incidents and imposes severe penalties for negligence.

Characteristics of the GDPR

Although covering the entire legislation would go too far here, these are a few key points:
1. Transparency to users:
– Companies must explicitly seek permission from customers to store their data.
– Customers have the right to see their data and have it deleted.
– Data should be used only for specific, clearly defined purposes.
2. Inventory of stored data:
– Companies should clearly know what personal data is stored and where it is located within the company.
– In addition to known databases, such as CRM systems, loose data (e.g., in spreadsheets) should also be inventoried.
3. Privacy by Design and by Default:
– IT systems and processes should be designed to maximize the security of personal data.
– Default privacy settings should be at the most protected level.
– Companies are responsible for GDPR compliance even if IT is outsourced to third parties, such as cloud providers.

Notification requirements and fines

An important aspect of the GDPR is the data breach notification requirement. Companies must report data breaches to the privacy authority and can face large fines for non-compliance, up to 4% of annual revenue or 20 million euros, whichever is higher. In addition to financial penalties, reputational damage can also be a serious consequence.

GDPR compliance in Microsoft environments

For organizations using Microsoft solutions, Microsoft offers several tools and assurances to help with GDPR compliance:
1. On-premise solutions (e.g., Dynamics NAV and Office):
– Companies are responsible for GDPR compliance when using on-premise software.
– However, Microsoft guarantees that their enterprise solutions are designed to support GDPR compliance.
– Microsoft offers tools for data management, access control and auditing, as well as the GDPR Compliance Manager, which helps with GDPR projects.
2. Cloud solutions:
– Microsoft offers an additional guarantee for cloud customers: all personal data processed through Microsoft’s cloud platforms is GDPR compliant.
– This guarantee is explicitly included in license agreements, giving customers written confirmation of GDPR compliance.

GDPR: burden or benefit?

While GDPR compliance can seem challenging, it also offers benefits. By taking this step thoroughly, you ensure that your organization is well prepared to handle confidential data. This not only provides assurance but can also contribute to a positive image with customers and partners.
Microsoft plays a crucial role in this by providing tools and support that help companies comply with GDPR requirements. This allows companies to focus on their core business, knowing that their data processing is in line with the latest privacy legislation.
Contact us for more information! Email info@improfs.nl or use the comment form below.