Getting ready for GDPR with Office 365
Enforcement of the GDPR Regulation will begin this May 25. Are you ready? If not, Microsoft offers some information-protection solutions to help your organization identify, classify, and protect your data. The tools track your adherence to the regulations, ensure you’re able to identify sensitive data, and can prevent that data from escaping your organization via email, etc.
While this article focuses on GDPR policy management, the info also applies to other regulations (e.g. HIPAA).
The General Data Protection Regulation (GDPR) is a European Union (EU) regulation designed to protect the personally identifiable information of a citizen of the EU. This data includes name, home address, e-mail, even things like IP addresses and photos.
The regulation gives members of the EU the right "to be forgotten" which means their data must be purged from your system. However, this regulation is not only limited to companies in the EU. U.S. businesses with customers in the EU are also required to comply. Failure to do so may result in a penalty of twenty million Euros, or 4 percent of your worldwide annual revenue for the prior financial year, whichever is higher.
Getting Started -- Security & Compliance Center
To get started, visit the Security & Compliance Center found in your Office 365 tenant. There you’ll find help to get you started setting up your compliance plan and ramping up the compliance regulations most relevant to you. Given that GDPR is right around the corner, it’s no surprise that GDPR content is front and center.
The Security & Compliance Center offers many additional features to help you find and protect your data from threats of inappropriate content sharing. A GDPR dashboard helps you understand the regulation better and includes some tools to help you maintain compliance.
The "Ramp up on GDPR" section offers information and tools around the four phases of compliance: Discover, Govern, Protect, and Monitor & Respond.
The "Govern" section includes a link to their Compliance Manager, which provides an overview of how well your organization is managing its compliance plan. As a service provider, Microsoft is required to assist with your compliance. The GDPR dashboard also computes your Compliance Score, letting you quickly determine if your organization is doing what it needs to be doing and assign tasks accordingly. As shown in the screenshot below, Microsoft has maintained their 41 GDPR actions while the sample company hasn’t started or completed any of their 60 actions.
Drilling down into the actions takes the user to the details page, which displays task completion and date of last update.
When expanded, the sections display additional information (e.g. which Office 365 services are covered under the plan, details around each action). The example below includes an article that Microsoft maintains, its compliance score, the date it was tested, and that it passed an inspection by a third-party independent auditor.
Actions are displayed further down the page. Users must assign a manager to each action.
Below each item, a "More" link displays each item action (when expanded). Users may also enter the Implementation Details, Test Plan, and the Management Response.
Further, a form lets users set the priority level and designate a team member responsible for each action item. This person is then notified of their responsibilities.
Once a user has been assigned, the status, implementation status, implementation date, test date and test results may also be specified.
Once updated, the data appears in the user’s dashboard.
GDPR is a significant new regulation with enforcement beginning May 25 and hefty penalties for noncompliance. This brief introduction should help you start planning your compliance plan for GDPR and others. To help you tackle your compliance policies and the tools used to maintain compliance, the Security & Compliance Center and Compliance Manager provide context-specific links to more detailed information. Whether your organization is affected by GDPR (or by other regulations), be sure to investigate the tools mentioned above to ensure your compliance.
Jason Rivera is an Architect for Anexinet’s Digital & Analytics Services business unit. Specializing in SharePoint and Office 365 Solution Architecture, he plans and implements tailored solutions that enhance communication, productivity, and collaboration. Jason has over a decade of experience designing and implementing SharePoint business solutions that integrate with line of business systems to achieve each customer’s unique goals.