by Brendon Lynch – Chief Privacy Officer, Microsoft
The new General Data Protection Regulation (GDPR) is the most significant change to European Union (EU) privacy law in two decades. The GDPR requires that organizations respect and protect personal data – no matter where it is sent, processed or stored. Complying with the GDPR will not be easy. To simplify your path to compliance, Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on May 25, 2018.
GDPR is part of our holistic cloud compliance investments
We are committed to our principles of cloud trust – across security, privacy, transparency and compliance. We have a broad portfolio of cloud services that address the rigorous security and privacy demands of our customers, who comprise over 90 percent of Fortune 500 companies. As the GDPR enforcement begins, here is what else you can expect from us:
- Technology that meets your needs – You can leverage our broad portfolio of enterprise cloud services to meet your GDPR obligations for areas including deletion, rectification, transfer of, access to and objection to processing of personal data. Furthermore, you can count on our extensive global partner ecosystem for expert support as you use Microsoft technologies.
- Contractual commitments – We are standing behind you through contractual commitments for our cloud services, including timely security support and notifications in accordance with the new GDPR requirements. In March 2017, our customer licensing agreements for Microsoft cloud services will include commitments to be GDPR compliant when enforcement begins.
- Sharing our experience – We will share Microsoft’s GDPR compliance journey so you can adapt what we have learned to help you craft the best path forward for your organization.
While Microsoft is committed to helping you successfully comply with the GDPR, it is important to recognize that compliance is a shared responsibility. New requirements – like greater data access and deletion rules, risk assessment procedures, a Data Protection Officer role for many organizations and data breach notification processes – will mean changes for your organization. When it comes to GDPR compliance, it’s not just European organizations that are affected, but also those outside of the EU who process data in connection with the offering of goods and services to, or monitoring the behavior of, EU residents. As such, it’s important to understand your obligations related to GDPR regardless of where your organization resides.
It will take time, tools, processes and expertise for you to comply with the GDPR. To do this, you need to make changes to your privacy and data management practices. And failure to do so could prove costly – as companies that do not meet the requirements could face reputational harm and substantial fines of 20 million euros, or 4 percent of annual worldwide turnover, whichever is greater.
The Microsoft Cloud can help
With the most comprehensive set of compliance offerings of any cloud service provider, the Microsoft Cloud is here to support your compliance initiatives. Our commitment to privacy is proven by our actions. Microsoft was the first enterprise cloud services provider to implement the rigorous controls needed to earn approval for our contractual model clauses governing the transfer of data outside of the European Union. We were the first cloud provider to achieve compliance with ISO’s important 27018 cloud privacy standard. Microsoft Azure has 53 major certifications and attestations – more than any other major public cloud provider.
When it comes to security, Microsoft’s unique visibility into the evolving threat landscape can also help protect the data that moves through your systems. Our cloud footprint includes over 100 datacenters and more than 200 cloud services. We’re investing over $1 billion annually in security and using our global insights to identify threats and protect your data.
This focus on privacy and security reflects the belief that our business ultimately relies on the trust of our customers, and we work hard to earn that trust. That’s why Microsoft is committing to be GDPR compliant across our cloud services.
Visit the GDPR webpage on our new Microsoft Trust Center website to learn more about how the features and functionality of Azure, Dynamics 365, Enterprise Mobility + Security, Office 365 and Windows 10 will enable you to meet the GDPR’s requirements.
Partnering with you now and in the future
As the GDPR deadline draws closer, we look forward to working in close partnership with you on GDPR compliance. We will continue to share the resources, tools and solutions you need to help develop your own compliance plan. In March, we will announce the details of our contractual commitments in accordance with GDPR rules. In the coming months, we will hold workshops and host webinars for all customers and partners. We will also expand our GDPR web pages in the Trust Center to address your needs and feedback. Because when it comes to preparing for the GDPR, Microsoft has your back.
This post originally appeared on the Microsoft On the Issues blog.