Accelerate GDPR compliance with the Microsoft Cloud Henrik Mønsted

1 Accelerate GDPR compliance with the Microsoft Cloud
Henrik Mønsted, Cloud Solutions Architect, Microsoft Denmark
This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

2
1. Data Privacy and regulations like the GDPR
   - What does it mean for you?
   - Breaking it down into some clear requirements
   - Proposing a step-by-step process
2. How Microsoft technologies can help
   - Making use of built-in capabilities to meet the requirements
   - Introducing the newest innovations that can help!

3 Providing clarity and consistency for the protection of personal data
The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.
- Enhanced personal privacy rights
- Increased duty for protecting data
- Mandatory breach reporting
- Significant penalties for non-compliance
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights.

4 What are the key changes with the GDPR?
Personal privacy
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Controls and notifications
Organizations will need to:
- Protect personal data using appropriate security
- Notify authorities within 72 hours of breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing
Transparent policies
Organizations are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
IT and training
Organizations will need to:
- Train privacy personnel & employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create & manage compliant vendor contracts

5 Our commitment to you
To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, We will share our experience in complying with complex regulations such as the GDPR. Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

6 GDPR Compliance
- Simplify your privacy journey
- Uncover risk & take action
- Leverage guidance from experts

7 How do I get started?
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications

9 1 Discover: In-scope: Inventory:
Example solutions
- Microsoft Azure: Microsoft Azure Data Catalog
- Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
- Dynamics 365: Audit Data & User Activity; Reporting & Analytics
- Office & Office 365: Data Loss Prevention; Advanced Data Governance; Office 365 eDiscovery
- SQL Server and Azure SQL Database: SQL Query Language
- Windows & Windows Server: Windows Search

12 2 Manage: Data governance: Data classification:
Example solutions
- Microsoft Azure: Azure Active Directory; Azure Information Protection; Azure Role-Based Access Control (RBAC)
- Enterprise Mobility + Security (EMS): Azure Information Protection
- Dynamics 365: Security Concepts
- Office & Office 365: Advanced Data Governance; Journaling (Exchange Online)
- Windows & Windows Server: Microsoft Data Classification Toolkit

13
- Classification and labelling
- Intuitive, one-click process
- Encryption and rights management
- Detailed tracking and reporting

14
- Built-in Azure, no setup required
- Automatically discover and monitor security of Azure resources
- Gain insights for hybrid resources
- Easily onboard resources running in other clouds and on-premises

15 4 Report: Record-keeping: Reporting tools:
Example solutions
- Microsoft Trust Center: Service Trust Portal
- Microsoft Azure: Azure Auditing & Logging; Azure Data Lake; Azure Monitor
- Enterprise Mobility + Security (EMS): Azure Information Protection
- Dynamics 365: Reporting & Analytics
- Office & Office 365: Service Assurance; Office 365 Audit Logs; Customer Lockbox
- Windows & Windows Server: Windows Defender Advanced Threat Protection

16 servicetrust.microsoft.com
The Service Trust Platform (STP) is a companion feature to the Microsoft Trust Center, and allows you to:
- Access audit reports across Microsoft cloud services on a single page.
- Access compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance with various regulations.
- Access trust documents to help you understand how Microsoft cloud services help protect your data.

17 Compliance manager
Manage your compliance from one place
- Real-time risk assessment: An intelligent score shows your compliance posture against evolving regulations
- Actionable insights: Recommended actions to improve your data protection capabilities
- Simplified compliance: Streamlined workflow and audit-ready reports

18 Enabling GDPR compliance in Health
Discover, Manage, Protect, Report
- Existing compliance approaches and attestations already in alignment with the GDPR provide a good foundation to start from.
- Identity and Access Management and Conditional Access can help manage access to data across platforms, whether in the cloud, on-premises or in a hybrid environment.
- Service Trust Platform provides access to audit reports and compliance guides to help you understand how you can use Microsoft cloud service features to manage compliance.
- Azure Data Catalog/Azure App Catalog will help discover patient and health data across your applications, tools and databases.
- Microsoft Azure provides a secure and robust platform to store patient and health data. Utilize pseudonymizing and encryption capabilities to increase security and reduce exposure to risk.
- Windows 10 prevents unauthorized apps from accessing health and patient data, and health professionals from leaking data with copy and paste protection.
- Compliance Manager helps assess and track data protection and compliance posture and get actionable insights to improve. With an intelligent score, customers can better understand their compliance posture against regulatory standards.

19 SQL and GDPR Guide

20
- BRK3241 Secure your data in Azure SQL Database and SQL Data Warehouse
- BRK3087 Azure SQL Database: The world's first intelligent cloud database service
- BRK2230 What's new with Azure SQL Database: Focus on your business, not on the database
- THR2024 Practical tips and considerations by industry experts on how to become GDPR compliant
