The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. Organisations in non-compliance will face heavy fines. The GDPR extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.
Helping you comply with GDPR
To what extent does GDPR apply to your organisation?
Personal data can live in many places: customer databases, feedback forms, email content, photos, CCTV footage, loyalty program records, HR databases. You will need to understand what types of personal data your organisation processes, how, and for what purposes. The first step is to inventory your data and identify the systems where it is collected and stored.
The Microsoft Azure Data Catalog is a fully managed cloud service that serves as a system of registration and a system of discovery for your organisation’s data sources. It also helps you discover, understand and use those data sources to get more value from your existing data.
Develop and implement a data governance plan.
A data governance plan helps you define policies, roles, and responsibilities for the access, management, and use of personal data, and ensures your data handling practices comply with the GDPR.
Using the Microsoft Privacy-by-Design and Privacy-by-Default methodology, we will help you implement strong measures to protect your customer data from inappropriate access or use by unauthorised persons. We provide you with the controls needed to know how data is managed and who has access to which data within your organisation.
Establish security controls and responses.
Data security risks range from physical intrusion or rogue employees to accidental loss or hackers. For certain data breaches, the GDPR requires organisations to notify regulators immediately and, in some cases, to notify the affected data subjects as well.
The Microsoft Azure Security Center employs advanced security analytics, integrated threat intelligence, behavioural analytics and anomaly detection. We can also help you ensure compliance by building risk management plans and taking risk mitigation steps, such as password protection, audit logs and encryption.
Meet documentation requirements.
Organisations processing personal data will need to keep records about the purposes of processing; the categories processed; with whom the data is shared; the legal basis of any data transfers to third countries; organisational and technical security measures; and data retention times applicable to various datasets.
Microsoft cloud services offer embedded auditing services that can help you meet your obligations, including logging of security-related events and related alerts.
What changes after GDPR?
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export their personal data
Controls and notifications
Organisations will need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing
Organisations are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
IT and training
Organisations will need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create and manage compliant vendor contracts