Accelerate GDPR compliance with the Microsoft Cloud Henrik Mnsted - PowerPoint PPT Presentation

Accelerate GDPR compliance with the Microsoft Cloud Henrik Mønsted Cloud Solutions Architect Microsoft Denmark This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

1. Data Privacy and regulations like the GDPR - What does it mean for you? - Breaking it down into some clear requirements - Proposing a step-by-step process 2. How Microsoft technologies can help - Making use of built-in capabilities to meet the requirements - Introducing the newest innovations that can help!

Providing clarity and consistency for the protection of personal data The General Data Protection Enhanced personal privacy rights Regulation (GDPR) imposes new Increased duty for protecting data rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that Mandatory breach reporting collect and analyze data tied to EU residents, no matter where they are Significant penalties for non-compliance located. Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

What are the key changes with the GDPR? Personal Controls and Transparent IT and training privacy notifications policies Individuals have the right to: Organizations will need to: Organizations are required Organizations will need to: to: Access their personal Protect personal data Train privacy personnel • • • data using appropriate security Provide clear notice of & employees • data collection Correct errors in their Notify authorities within Audit and update data • • • personal data 72 hours of breaches Outline processing policies • purposes and use cases Erase their personal data Obtain appropriate Employ a Data Protection • • • consents for processing Define data retention Officer (if required) • Object to processing of • data and deletion policies their personal data Create & manage • compliant vendor Keep records detailing • Export personal data • contracts data processing

Our commitment to you T o simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, 2018. We will share our experience in complying with complex regulations such as the GDPR. T ogether with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

GDPR GDPR GDPR Compliance Compliance Compliance Simplify your Uncover risk & Leverage guidance privacy journey take action from experts

How do I get started? Identify what personal data you have and Discover 1 where it resides Govern how personal data is used Manage 2 and accessed Establish security controls to prevent, detect, Protect 3 and respond to vulnerabilities & data breaches Keep required documentation, manage data Report 4 requests and breach notifications

Discover: 1 Example solutions Microsoft Azure Microsoft Azure Data Catalog In-scope: Inventory: Enterprise Mobility + Security (EMS) Microsoft Cloud App Security Dynamics 365 • Audit Data & User Activity • • Reporting & Analytics • • • • Office & Office 365 • Data Loss Prevention Advanced Data Governance • • Office 365 eDiscovery • • • • SQL Server and Azure SQL Database • SQL Query Language • • Windows & Windows Server Windows Search

Manage: 2 Example solutions Microsoft Azure Azure Active Directory Azure Information Protection Data governance: Data classification: Azure Role-Based Access Control (RBAC) Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 • • Security Concepts • • • • Office & Office 365 • • Advanced Data Governance • • Journaling (Exchange Online) • • • • Windows & Windows Server • Microsoft Data Classification Toolkit

Classification and labelling Intuitive, one-click process Encryption and rights management Detailed tracking and reporting

Built-in Azure, no setup required Automatically discover and monitor security of Azure resources Gain insights for hybrid resources Easily onboard resources running in other clouds and on-premises

Report: 4 Example solutions Microsoft Trust Center Service Trust Portal Microsoft Azure Record-keeping: Reporting tools: Azure Auditing & Logging Azure Data Lake Azure Monitor • • Enterprise Mobility + Security (EMS) Azure Information Protection • • Dynamics 365 • • Reporting & Analytics • • Office & Office 365 • Service Assurance • Office 365 Audit Logs • Customer Lockbox Windows & Windows Server Windows Defender Advanced Threat Protection

The Service Trust Platform (STP) is a companion feature to the Microsoft Trust Center, and allows you to: Access audit reports across Microsoft cloud services • on a single page. Access compliance guides to help you understand • how can you use Microsoft cloud service features to manage compliance with various regulations. Access trust documents to help you understand how • Microsoft cloud services help protect your data. servicetrust.microsoft.com

Compliance manager Manage your compliance from one place Real-time risk assessment • An intelligent score shows your compliance posture against evolving regulations Actionable insights • Recommended actions to improve your data protection capabilities Simplified compliance • Streamlined workflow and audit-ready reports

Enabling GDPR compliance in Health Discover Manage Protect Report Service Trust Platform  provides access to audit reports and compliance guides to help Existing compliance approaches you understand how can you use  Identity and Access Management  and attestations already in Microsoft cloud service features and Conditional Access can help to manage compliance alignment with the GDPR provide a manage access to data across platforms, good foundation to start from. whether in the cloud, on premise or in a hybrid environment. Azure Data Catalog/Azure App Catalog   Compliance Manager helps assess and Microsoft Azure provides a secure  will help discover patient and health data across track data protection and compliance and robust platform to store patient and your applications, tools and databases. posture and get actionable insights to health data. Utilize pseudonymizing and improve. With an intelligent score, customers encryption capabilities to increase security can better understand their compliance and reduce exposure to risk. posture against regulatory standards. Windows 10 prevents unauthorized apps  from accessing health and patient data, and health professionals from leaking data with copy and paste protection.

GDPR @Microsoft • https://www.microsoft.com/GDPR • https://www.gdprbenchmark.com/ SQL and GDPR Guide

BRK3241 Secure your data in Azure SQL Database and SQL Data Warehouse BRK3087 Azure SQL Database: The world's first intelligent cloud database service BRK22 K2230 30 Wh What' t's new with Azu zure SQL L Database tabase: : Focu cus s on your busines iness, s, not on the databas tabase THR2024 Practica ctical tips s and conside sidera ration tions s by indust stry y experts ts on how w to become ome GDPR PR complia pliant nt