GDPR In Office 365


Overview

We all have started receiving emails from various entities we have enrolled with about the changes in their privacy settings and GDPR compliance. Many organizations have started to engage legal counsel to help understand GDPR and prepare a GDPR compliance plan for them. The organizations have started to build an internal task force with members of different departments (security, sales, product development, and others) to implement the GDPR compliance plan internally. GDPR will safeguard how organizations process personal data. The penalty for breaches under GDPR can be up to 4% of a company’s annual turnover.

What is GDPR?

GDPR stands for General Data Protection Regulation.

In 2016, the European Union (EU) approved a new privacy regulation called the General Data Protection Regulation (GDPR). It came into effect on May 25, 2018. GDPR is the most important change in data privacy in the last 20 years. It addresses the export of personal data outside of the organization. GDPR gives citizens and residents priority over their own personal data. Every organization worldwide that does business with the European Economic Area has to abide by the GDPR.

Key changes under GDPR

With GDPR in effect, new rules and regulations apply to organizations and government agencies that offer goods and services to the European Union (EU), no matter where in the world they are located.

The key changes under GDPR are as follows:

Individuals

An individual interacting with any organization has the following rights:

  • Can access personal data at any time
  • Can make changes to personal data as needed
  • Can delete the personal data
  • Can export personal data

Organizations

  • Protect personal data
  • Notify GDPR authorities of any data breaches
  • Maintain a history of processed data
  • Obtain consent before processing personal data
  • Define data retention and deletion policies
  • Train employees on GDPR
  • Perform regular audits of data protection
  • Engage a Data Protection Professional as needed

What does Office 365 have for GDPR?

Microsoft has also prepared for GDPR in Office 365. Microsoft already offers a number of security features under the Data governance and compliance section of Office 365 that help a tenant become GDPR compliant. These features include:

  • Classification labels and policies
  • Auto-label policies
  • Content searches
  • Alert policies
  • Audit logs
  • Data encryption

Security and Compliance in Office 365

The Security and Compliance section of the Office 365 portal has been updated to show the GDPR compliance information for the Office 365 tenant.

  1. Log in to the Office 365 tenant (https://login.microsoftonline.com).
  2. Click the App Launcher in the top left corner to open the Office 365 apps.
  3. Click Admin.
  4. Click Admin Centers > Security & Compliance.
  5. The newly designed Security and Compliance page offers the GDPR dashboard, Threat Management, Secure Score and content classification, as highlighted in the screenshot.
  6. Click Go to the GDPR dashboard.
  7. The GDPR dashboard helps you get started with the GDPR toolbox, the help center and case management for GDPR.

GDPR Toolbox

The GDPR toolbox helps you to:

  • Import the data
  • Find personal data
  • Auto apply labels
  • Create dispositional labels

GDPR Help Center

The Help Center gives an overview of GDPR and how it applies to Office 365. It also offers videos to get started with GDPR.


Data Subject Requests (DSR)

Personal information held about a data subject can be obtained by creating a DSR case.


All open and closed DSRs can be tracked from the portal.

Classification Labels

In an Office 365 tenant, we can easily create a classification label and apply the label to data (e.g. employee or customer information) that falls under GDPR. Office 365 E5 licensing offers auto-label policies that apply labels to data inside SharePoint, OneDrive and Exchange.

  1. Open Security & Compliance from the Office 365 Admin center.
  2. Under Classifications, click Sensitive information types.
  3. At the time of writing this article, Microsoft has made 82 sensitive information types available for use in your security and compliance policies, covering multiple countries.
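The same label-and-auto-apply setup described above can be scripted through Security & Compliance PowerShell. This is an added example, not code from the original article or from Microsoft; it assumes the ExchangeOnlineManagement module is installed, the account holds a compliance administrator role, and the label names, retention period and the "EU Passport Number" sensitive information type are illustrative choices to be adjusted for your tenant.

```powershell
# Added example (not from the original article). Assumes the ExchangeOnlineManagement
# module is installed and the signed-in account has compliance administrator rights.
# Label names, the retention period and the sensitive information type are illustrative.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

# 1. Confirm the built-in sensitive information type exists before referencing it.
#    Get-DlpSensitiveInformationType lists every type the tenant currently offers.
$sitName = 'EU Passport Number'
$sit = Get-DlpSensitiveInformationType | Where-Object { $_.Name -eq $sitName }
if (-not $sit) {
    throw "Sensitive information type '$sitName' not found; list names with Get-DlpSensitiveInformationType"
}

# 2. Create a classification (retention) label for GDPR-relevant personal data.
#    Illustrative policy: keep content 7 years after last modification, then delete it.
New-ComplianceTag -Name 'GDPR Personal Data' `
    -Comment 'Personal data of EU data subjects' `
    -RetentionAction KeepAndDelete `
    -RetentionDuration 2555 `
    -RetentionType ModificationAgeInDays

# 3. Auto-apply the label across Exchange, SharePoint and OneDrive whenever content
#    contains the chosen sensitive information type (auto-label needs E5-level licensing).
$policy = New-RetentionCompliancePolicy -Name 'GDPR Auto-Label Policy' `
    -ExchangeLocation All -SharePointLocation All -OneDriveLocation All

New-RetentionComplianceRule -Name 'GDPR Auto-Label Rule' `
    -Policy $policy.Name `
    -ApplyComplianceTag 'GDPR Personal Data' `
    -ContentContainsSensitiveInformation @(@{ Name = $sitName; minCount = '1' })

# 4. Review what was created so the configuration can be checked against the plan.
Get-ComplianceTag -Identity 'GDPR Personal Data' |
    Format-List Name, RetentionAction, RetentionDuration, RetentionType
Get-RetentionComplianceRule -Policy 'GDPR Auto-Label Policy' |
    Format-List Name, ApplyComplianceTag
```

Auto-label policies can take up to several days to evaluate existing content, so verify the applied labels in the portal rather than assuming the rule took effect immediately.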

Summary

Office 365 is ready with a set of features such as Classification Labels, auto-label policies, DLP (Data Loss Prevention), IRM (Information Rights Management), and Azure Information Protection labels to classify and protect information and make your tenant GDPR compliant.

Use these features in your Office 365 tenants to be ready for GDPR.