News item

Get GDPR compliant with Microsoft's help

The stringent General Data Protection Regulation, or GDPR, comes into effect on 25 May 2018 and Microsoft will help you become compliant.

"At its heart, the GDPR is about protecting a person's personal data and privacy," explains Chris Joberns, managing director. "As such there are two main areas to consider; firstly where and how you store the data, is it safe? Do only the right people have access to the data? For example, if it's stored online, does that service offer GDPR-compliant standards?

"The second part is how you process the data within your business. Where did you get the data? Do you have the individual's consent to use it? Do you share the information and do you have the right to do so?"

Microsoft will support your GDPR journey

To help your business with the process of becoming GDPR compliant, Microsoft has stated it is "committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provide GDPR related assurances in our contractual commitments."

This includes a guarantee that you can respond to requests to correct, amend or delete personal data, detect and report personal data breaches and demonstrate your compliance with the GDPR.

What should you be doing now?

GDPR is applicable to organisations of all sizes and although May 2018 seems a long way off, if your business hosts data regarding individuals you should start to consider the requirements now.

"The amount of work required will vary by the size and type of business," says Chris. "For example, if your business is already ISO 27001 then you'll already be compliant. But this would be expensive, time-consuming and overkill for many businesses.

"A key aim is to ensure all customer data is safe and protected and you can show you have actually thought about it. I suggest all devices that go offsite are encrypted so if any laptops are stolen or lost then you know the company data is safe. Secure backup is also important to prove that you can recover quickly.

"You must demonstrate that you protect data and minimise unnecessary proliferation and you should update your privacy policies to include more detail about how data is processed. You need to provide a means for your customers to view, change, erase and export their customer data but this doesn't need to be automated. A section in your business privacy policy should provide a contact regarding data-related queries and data requests can then be handled internally where necessary."

Microsoft has released a useful white paper regarding moving to GDPR compliance which you can download here.

If you'd like to discuss the benefits of data encryption and Microsoft cloud services, don't hesitate to call.