Microsoft 365 adds data protection tools to help customers remain GDPR compliant

eu-gdpr.png

To help its customers address the looming General Data Protection Regulation (GDPR) guidelines, Microsoft released a host of new data protection and compliance tools across its suite product lineup, the firm announced in a blog post.

The EU GDPR rules set standards for how the personally identifiable information (PII) of customers can be used and stored by companies. It applies to companies based in the EU, and those that work the data of EU residents. Using these new tools could help Microsoft customers—especially those that rely heavily on Azure public cloud services—maintain compliance with GDPR standards before its deadline of May 25, 2018.

The first piece of the puzzle is the general availability of Microsoft Compliance Manager coming to Azure, Dynamics 365, and Office 365 Business and Enterprise customers in public clouds, the release said. Compliance Manager works across Microsoft cloud services to help customers make sure they are meeting standards like the GDPR.

"Compliance Manager really adds great additional value for Microsoft Cloud services by providing insights on the relationships between regulation, processes, and technology," Abrona IT manager Nick Postma said in the blog post.

Compliance Score is actually a feature of the Compliance Manager. According to the post, it will let a customer perform "ongoing risk assessments on Microsoft Cloud services with a risk-based score reference, giving you visibility into your compliance performance." Each separate control has its own risk weight. As customers implement new levels of control, their score will improve, the post said. It's available for Office 365 now, and is coming to other cloud services soon.

The third aspect of Microsoft's efforts in GDPR-readiness is the Azure Information Protection scanner. Using the scanner, the post said, customers can create policies to discover and classify documents that may or may not meet certain policies, such as GDPR. This allows users to more easily see what files need additional protections to remain compliant.

"We're also going to expand sensitive data types to include a GDPR template to consolidate sensitive data types into a single template," the post said. This will allow admins to more easily detect and classify personal data relevant to GDPR, so any compliance issues can be addressed.