EU Flag Flickr Reuse

The EU’s General Data Protection Regulation will come in on May 25, ushering a new set of standards designed to give citizen’s more control over their personal data. The legislation extends EU data protection to foreign companies, while also giving citizens a new set of digital rights.

These include the right for individuals to request the data a company has on them and ask for it to be deleted or modified. For a company like Microsoft, that’s a bit of a headache. The tech giant is systematically updating its apps and services to be compliant with the incoming regulations, including with Office 365 and Azure.

If it fails to do so, it could face fines of up to €20 million or 4 percent of its annual revenue turnover. As a result, Microsoft has to build tools not just for itself, but for customers that utilize its platforms to provide services to others. Some of the most notable additions include:

  • Service Trust Portal, which provides GDPR information resources, but it also can be used to take actions on stored data
  • Security and Compliance Center in the Office 365 Admin Center, another portal for taking actions
  • Office 365 Advanced Data Governance for classifying data
  • Azure Information Protection for tracking and revoking documents
  • Compliance Manager for keeping track of regulatory compliance
  • Azure Active Directory Terms of Use for obtaining user informed consent”

Coming Soon to Azure

They join the preview of a new Data Subject Access Request interface in the Security and Compliance Center, Azure Portal, and Service Trust Portal. According to Redmond Channel Partner, this will be out of preview before GDPR’s launch on May 25.

Earlier this month, Microsoft also rolled out changes to its child accounts to comply with GDPR. New authentication terms require a parent to provide consent for use of personal data. This will be in place for children under the age of 16, although EU member states can make the age lower down to 13 years.

Under GDPR, companies will also have to inform users when they are subject to a data breach. This is a particularly sensitive topic due to the recent Cambridge Analytica scandal, which Facebook discovered in 2014 but failed to report until this year.

To aid in this, Microsoft has added Breach Notification documents to its Service Trust Portal and will be releasing a ‘Data Protection Impacts Assessments’ section in the coming weeks. Together, all of these should minimize the time organizations spend on GDPR and ensure the right checks and balances are in place.