Privacy, Trust, and the General Data Protection Regulation (GDPR), Robertas Tamosaitis, Microsoft (PowerPoint presentation)



SLIDE 1

Privacy, Trust, and the General Data Protection Regulation (GDPR)

Robertas Tamosaitis, Microsoft Business Solution Sales Specialist. E-mail: rtamosa@microsoft.com

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

SLIDE 2

“Businesses and users are going to embrace technology only if they can trust it.”

Satya Nadella, Chief Executive Officer, Microsoft Corporation

  • We take a principled approach with strong commitments to privacy, security, compliance and transparency.
  • Moving to the cloud makes it easier for you to become compliant with privacy regulations by managing and protecting personal data in a centralized location.
  • Microsoft is the industry leader in privacy and security with extensive expertise complying with complex regulations.

SLIDE 3

Providing clarity and consistency for the protection of personal data

  • Enhanced personal privacy rights
  • Increased duty for protecting data
  • Mandatory breach reporting
  • Significant penalties for non-compliance

The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.

Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights.

SLIDE 4

What are the key changes with the GDPR?

Personal privacy. Individuals have the right to:

  • Access their personal data
  • Correct errors in their personal data
  • Erase their personal data
  • Object to processing of their personal data
  • Export personal data

Controls and notifications. Processors will need to:

  • Protect personal data using appropriate security practices
  • Notify authorities within 72 hours of breaches
  • Receive consent before processing personal data
  • Keep records detailing data processing

Transparent policies. Processors are required to:

  • Provide clear notice of data collection
  • Outline processing purposes and use cases
  • Define data retention and deletion policies

IT and training. Processors will need to:

  • Train privacy personnel & employees
  • Audit and update data policies
  • Employ a Data Protection Officer (for larger organizations)
  • Create & manage processor/vendor contracts

SLIDE 5

Our commitment to you

  • To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, 2018.
  • We will share our experience in complying with complex regulations such as the GDPR.
  • Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.
  • We are making contractual commitments available to our customers that provide key GDPR-related assurances about our services.

SLIDE 6

  • United States: CJIS; CSA CCM; DISA; FDA CFR Title 21 Part 11; FedRAMP; FERPA; FIPS 140-2; FISMA; HIPAA/HITECH; HITRUST; IRS 1075; ISO/IEC 27001, 27018; MARS-E; NIST 800-171; Section 508 VPATs; SOC 1, 2
  • United Kingdom: CSA CCM; ENISA IAF; EU Model Clauses; ISO/IEC 27001, 27018; NIST 800-171; SOC 1, 2, 3; UK G-Cloud
  • Spain: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2; Spain ENS; Spain LOPD Auth.
  • Singapore: CSA CCM; ISO/IEC 27001, 27018; MTCS; SOC 1, 2
  • New Zealand: CSA CCM; ISO/IEC 27001, 27018; NZCC Framework; SOC 1, 2
  • Japan: CSA CCM; CS Mark (Gold); FISC; ISO/IEC 27001, 27018; Japan My Number Act; SOC 1, 2
  • European Union: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2
  • China: China GB 18030; China MLPS; China TRUCS
  • Australia: CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2
  • Argentina: Argentina PDPA; CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2

Key Certifications: commitment to meeting industry standards

Over 900 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies.

Microsoft is regularly audited, submits self-assessments to independent third-party auditors and holds key certifications.

SLIDE 7

How do I get started?

  1. Discover: identify what personal data you have and where it resides.
  2. Manage: govern how personal data is used and accessed.
  3. Protect: establish security controls to prevent, detect, and respond to vulnerabilities & data breaches.
  4. Report: keep required documentation, manage data requests and breach notifications.
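The Discover step (and the record-keeping it feeds in the Report step) is the one a practitioner usually has to do by hand before any product is chosen. The script below is an added example, not code from the deck or from Microsoft: it scans a few constructed sample data stores, classifies fields as personal data with simple regular expressions and field-name heuristics, and produces an inventory of which store holds which category of personal data. The store names, records and detector patterns are all assumptions made for the illustration.

```python
"""
Personal-data discovery inventory (added example, not Microsoft tooling).

Walks a set of data stores, flags fields that hold personal data, and
returns an inventory answering "what personal data do we have, and where".
"""
import re
from collections import defaultdict

# Constructed sample data stores: store name -> list of records (dicts).
# Values are RFC 5737 / example.com style placeholders, not real people.
SAMPLE_STORES = {
    "crm.contacts": [
        {"id": 1, "name": "Example Person", "email": "person@example.com",
         "phone": "+31 20 555 0100"},
        {"id": 2, "name": "Another Person", "email": "other@example.org",
         "phone": "020 555 0123"},
    ],
    "billing.invoices": [
        {"invoice": "INV-1001", "amount": "120.00",
         "customer_email": "person@example.com"},
    ],
    "telemetry.events": [
        {"event": "login", "ts": "2018-05-25T00:00:00Z", "client_ip": "203.0.113.7"},
        {"event": "logout", "ts": "2018-05-25T01:00:00Z", "client_ip": "203.0.113.7"},
    ],
    "app.config": [
        {"setting": "retention_days", "value": "90"},
    ],
}

# Field names that are personal data regardless of the value they carry.
NAME_FIELDS = {"name", "full_name", "first_name", "last_name", "surname"}

# Value-based detectors, checked in order; the first match wins. The IP
# pattern is tested before the phone pattern because a dotted IPv4 address
# would otherwise satisfy the looser phone pattern.
DETECTORS = [
    ("email", re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")),
    ("ip_address", re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")),
    ("phone", re.compile(r"^\+?[\d\s().-]{7,}$")),
]


def classify(field, value):
    """Return the personal-data category of one field/value pair, or None."""
    if field.lower() in NAME_FIELDS:
        return "name"
    text = str(value).strip()
    for category, pattern in DETECTORS:
        if pattern.match(text):
            return category
    return None


def discover(stores):
    """Return {store: {field: category}} for every field holding personal data.

    Stores in which nothing was found are left out of the result so the
    inventory lists only locations that are in scope for the GDPR.
    """
    inventory = defaultdict(dict)
    for store, records in stores.items():
        for record in records:
            for field, value in record.items():
                if field in inventory[store]:
                    continue  # already classified from an earlier record
                category = classify(field, value)
                if category:
                    inventory[store][field] = category
    return {store: fields for store, fields in inventory.items() if fields}


def stores_holding(inventory, category):
    """List (sorted) the stores that hold a given category of personal data."""
    return sorted(store for store, fields in inventory.items()
                  if category in fields.values())


def record_of_processing(inventory):
    """Render the inventory as simple record-keeping lines for the Report step."""
    return [f"{store}: {', '.join(sorted(set(fields.values())))}"
            for store, fields in sorted(inventory.items())]


if __name__ == "__main__":
    found = discover(SAMPLE_STORES)
    for line in record_of_processing(found):
        print(line)
    print("stores holding e-mail addresses:", stores_holding(found, "email"))
```

Real discovery runs over databases, file shares and SaaS exports rather than in-memory dicts, and a value such as an invoice amount can look like a phone number to a careless pattern; the detector order and minimum lengths above are what keep the constructed `amount` and timestamp fields out of the inventory, and they are the first thing to tune when the script is pointed at real data.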

SLIDE 8

SLIDE 9

Discover (step 1): in-scope data and inventory. Example solutions:

  • Microsoft Azure: Microsoft Azure Data Catalog
  • Enterprise Mobility + Security (EMS): Microsoft Cloud App Security
  • Dynamics 365: Audit Data & User Activity Reporting & Analytics
  • Office & Office 365: Advanced Data Governance; Office 365 eDiscovery

SLIDE 10

Manage (step 2): data governance and data classification. Example solutions:

  • Microsoft Azure: Azure Active Directory; Azure Role-Based Access Control (RBAC)
  • Enterprise Mobility + Security (EMS): Azure Information Protection
  • Office & Office 365: Advanced Data Governance; Office 365 eDiscovery
  • Windows & Windows Server: Microsoft Identity Manager; Auditing and logging; Microsoft Data Classification Toolkit

SLIDE 11

Protect (step 3): preventing data attacks; detecting & responding to breaches. Example solutions:

  • Enterprise Mobility + Security (EMS): Microsoft Intune; Azure Information Protection; Multi-Factor Authentication (Azure Active Directory Premium); Microsoft Advanced Threat Analytics
  • Office & Office 365: Data Loss Prevention; Advanced Threat Protection; Threat Intelligence
  • SQL Server and Azure SQL Database: Transparent data encryption; Always Encrypted
  • Windows & Windows Server: Windows Hello; Credential Guard

SLIDE 12

Report (step 4): record-keeping and reporting tools. Example solutions:

  • Microsoft Azure: Azure Auditing & Logging; Log Analytics
  • Enterprise Mobility + Security (EMS): Azure Information Protection; Microsoft Advanced Threat Analytics
  • Office & Office 365: Office 365 Audit Logs; Office 365 eDiscovery
  • Windows & Windows Server: Microsoft Identity Manager; Auditing and logging; Windows Defender Advanced Threat Protection

SLIDE 13

SLIDE 14

  • Enterprise Mobility + Security: protect customer data both in the cloud and on-premises with industry-leading security capabilities.
  • Office 365: secure your IT environment and achieve compliance with enterprise-grade user and administrative controls.
  • Windows 10 Enterprise: protect devices with industry-leading encryption, anti-malware technologies, and identity and access solutions.

SLIDE 15

Partnering with you to prepare for GDPR

Microsoft’s goal is to streamline your GDPR compliance through smart technology, innovation, and collaboration. Together we’ll help you build a more secure environment, simplify your compliance with the GDPR, and give you the tools and resources you need to be successful.

Preparing for GDPR

SLIDE 16

SLIDE 17

SLIDE 18

Azure has the deepest and most comprehensive compliance coverage in the industry.

  • GLOBAL: ISO 27001; ISO 27018; ISO 27017; ISO 22301; ISO 9001; SOC 1 Type 2; SOC 2 Type 2; SOC 3; CSA STAR Self-Assessment; CSA STAR Certification; CSA STAR Attestation
  • US GOV: High JAB P-ATO; Moderate JAB P-ATO; DoD DISA SRG Level 2; DoD DISA SRG Level 4; DoD DISA SRG Level 5; CJIS; IRS 1075; ITAR; Section 508 VPAT; SP 800-171; FIPS 140-2
  • INDUSTRY: HIPAA / HITECH Act; FERPA; GxP 21 CFR Part 11; HITRUST; GLBA; PCI DSS Level 1; MARS-E; FFIEC; MPAA; CDSA; Shared Assessments; FACT UK; IG Toolkit UK
  • REGIONAL: Singapore MTCS; UK G-Cloud; Australia IRAP/CCSL; FISC Japan; New Zealand GCIO; China GB 18030; China TRUCS; China DJCP; EU Model Clauses; ENISA IAF; Privacy Shield; Argentina PDPA; Japan CS Mark Gold; Japan My Number Act; Spain ENS; Spain DPA; Canada Privacy Laws; India MeitY; Germany IT Grundschutz workbook