Microsoft Introducing Tool to Assist with GDPR Compliance

It has recently been revealed that Microsoft is introducing tooling enhancements to help companies and groups using Azure and Office 365 services comply with the European Union’s General Data Protection Regulation (GDPR) requirements.

Microsoft is aiming to ensure that the services it provides will be fully GDPR compliant by May 25, the date that the legislation becomes enforceable and penalties will be applied for lack of compliance. In a bid to make this happen, the IT giant has made a range of tools available for organizations using its services so that they can also stay in compliance with the GDPR. Some of the tools supporting GDPR compliance include:

  • Service Trust Portal, and Security and Compliance Center, portals which provide GDPR information resources, but can also be used to take actions on stored data
  • Office 365 Advanced Data Governance for grouping data into specific categories
  • Azure Information Protection for controlling and revoking access to documents
  • Compliance Manager for monitoring of regulatory compliance
  • Azure Active Directory Terms of Use for obtaining user informed consent

Microsoft CEO Satya Nadella has spoken publicly about the cost-effectiveness of these suites and the simplicity they bring to complying with GDPR from May 25.

He said: “For most customers, it will be more effective and less costly to host their data in Microsoft’s GDPR-compliant cloud than to develop and maintain GDPR compliance tools themselves”.

As part of the new suite of GDPR compliance tools that Microsoft has announced, there is a Data Subject Access Request interface included in both the Security and Compliance Center and the Azure Portal. In the Security and Compliance Center it will be available via a newly introduced tab.

Penalties for not complying with GDPR can be up to €20 million or 4% of an organization’s annual revenue turnover, whichever is greater. Companies that are located outside of the EU must also comply with the regulations if they manage the private data of EU citizens as a service.