GDPR compliance

GDPR compliance

Ensure your organisation’s GDPR compliance. ANEGIS deploys Microsoft data security solutions to prepare you for new regulations.

Play video 33:10′

The General Data Protection Regulation (GDPR) comes into force on May 25, 2018. Organisations in non-compliance will face heavy fines.

The GDPR extends the data rights of individuals, and requires organisations to develop clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures.

Helping you comply with GDPR

1. Assess
+

To what extent does GDPR apply to your organisation.

Customer databases, feedback forms, email content, photos, CCTV footage, loyalty program records, HR databases. You will need to understand what types of personal data your organisation processes, how, and for what purposes. The first step is to inventory your data and identify the systems where it is collected and stored.

The Microsoft Azure Data Catalog is a fully managed cloud service that serves as a system of registration and a system of discovery for your organisation’s data sources. Also, it will help you discover, understand and use data sources to get more value from your existing data.

Close
2. Implement
+

Develop and implement a data governance plan.

A data governance plan helps you define policies, roles, and responsibilities for the access, management, and use of personal data, and ensures your data handling practices comply with the GDPR.

Using the Microsoft Privacy-by-Design and Privacy-by-Default methodology, we will help you implement strong measures to protect your customer data from inappropriate access or use by unauthorised persons. We provide you with the necessary control to ensure you know how data is managed and who has access to what data within your organisation.

Close
3. Protect
+

Establish security controls and responses.

Data security risks range from physical intrusion or rogue employees to accidental loss or hackers. The GDPR requires, in the case of certain data breaches, that organisations notify regulators immediately; as well as, possibly, needing to notify the affected data subjects.

The Microsoft Azure Security Center employs advanced security analytics, integrated threat intelligence, behavioural analytics and anomaly detection. We can also help you ensure compliance by building risk management plans and taking risk mitigation steps, such as password protection, audit logs and encryption.

Close
4. Report
+

Meet documentation requirements.

Organisations processing personal data will need to keep records about the purposes of processing; the categories processed; with whom the data is shared; the legal basis of any data transfers to third countries; organisational and technical security measures; and data retention times applicable to various datasets.

Microsoft cloud services offer embedded auditing services that can help you meet your obligations, including logging of security-related events and related alerts.

Close

What changes after GDPR?

Personal privacy
+

Individuals have the right to:

  • Access their personal data
  • Correct errors in their personal data
  • Erase their personal data
  • Object to processing of their personal data
  • Export their personal data
Close
Controls and notifications
+

Organisations will need to:

  • Protect personal data using appropriate security
  • Notify authorities of personal data breaches
  • Obtain appropriate consents for processing data
  • Keep records detailing data processing
Close
Transparent policies
+

Organisations are required to:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies
Close
IT and training
+

Organisations will need to:

  • Train privacy personnel and employees
  • Audit and update data policies
  • Employ a Data Protection Officer (if required)
  • Create and manage compliant vendor contracts
Close
General Data Protection Regulation

The GDPR is the EU’s new data protection law that replaces the Data Protection Directive.  It is designed to harmonise data privacy laws across Europe, to protect the data privacy of all EU citizens and to reshape the way organisations approach data privacy.

The GDPR gives individuals greater control over their personal data and imposes many new obligations on organisations that collect, handle or analyse personal data.
GDPR FAQ