Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas T amosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
“Businesses and users are going to embrace technology only if they can trust it.” Satya Nadella Chief Executive Officer Microsoft Corporation We take a principled approach with strong commitments to • privacy, security, compliance and transparency. Moving to the cloud makes it easier for you to become • compliant with privacy regulations by managing and protecting personal data in a centralized location. Microsoft is the industry leader in privacy and security with • extensive expertise complying with complex regulations.
Providing clarity and consistency for the protection of personal data The General Data Protection Enhanced personal privacy rights Regulation (GDPR) imposes new Increased duty for protecting data rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze Mandatory breach reporting data tied to EU residents, no matter where they are located. Significant penalties for non-compliance Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
What are the key changes with the GDPR? Personal Controls and Transparent IT and training privacy notifications policies Individuals have the right to: Processors will need to: Processors are required to: Processors will need: Access their personal Protect personal data Provide clear notice of Train privacy personnel • • • • data using appropriate security data collection & employee practices Correct errors in their Outline processing Audit and update data • • • personal data Notify authorities within purposes and use cases policies • 72 hours of breaches Erase their personal data Define data retention Employ a Data • • • Receive consent before and deletion policies Protection Officer (for • Object to processing of • larger organizations) processing personal data their personal data Create & manage Keep records detailing • • Export personal data • processor/vendor data processing contracts
Our commitment to you T o simpli lify y your r path to compli liance, ance, we are e committing mitting to GDPR PR compliance pliance • across ss our clou oud d services vices when enfor orcem cement ent begin ins s on May y 25, 2018. We wi will ll share e our experience erience in comp mply lying ing wi with th comp mplex lex regulations ulations such ch as • the GDPR. PR. T ogethe ther r wi with th our partne tners, s, we we are e prepar pared ed to to help p you me meet t your r policy icy, , • people, le, proces cess, s, and technology hnology goals s on your r journey rney to GDPR PR. . We are ma making ing contract tractual ual comm mmitments itments available ailable to to our customer tomers s th that t • provide vide key y GDPR PR-related elated assurances urances about our services. vices.
Key Certifications Japan____ Japan____ United Kingdom___ CSA CCM CSA CCM Commitment to meeting industry standards CS Mark (Gold) CS Mark (Gold) CSA CCM FISC FISC ENISA IAF Singapore____ ISO/IEC 27001, 27018 ISO/IEC 27001, 27018 EU Model Clauses Japan My Number Act Japan My Number Act ISO/IEC 27001, 27018 CSA CCM SOC 1, 2 SOC 1, 2 NIST 800-171 ISO/IEC 27001, 27018 Over 900 controls in the Office 365 compliance SOC 1, 2, 3 MTCS Spain___ UK G-Cloud SOC 1, 2 framework enable us to stay up to date with the ever- CSA CCM ENISA IAF evolving industry standards across geographies EU Model Clauses EU-U.S. Privacy Shield ISO/IEC 27001, 27018 SOC 1, 2 Spain ENS Spain LOPD Auth. Microsoft is regularly audited, submits self-assessments to independent 3 rd party auditors and holds key certifications China____ China GB 18030 China MLPS China TRUCS New Zealand____ New Zealand____ United States______ CSA CCM CSA CCM CJIS ISO/IEC 27001, 27018 ISO/IEC 27001, 27018 CSA CCM NZCC Framework NZCC Framework DISA SOC 1, 2, SOC 1, 2, FDA CFR Title 21 Part 11 FEDRAMP FERPA FIPS 140-2 FISMA HIPAA/HITECH European Union___ HITRUST IRS 1075 CSA CCM Argentina____ ISO/IEC 27001, 27018 ENISA IAF MARS-E EU Model Clauses Argentina PDPA NIST 800-171 CSA CCM EU-U.S. Privacy Shield Austrailia____ Austrailia____ Section 508 VPATs ISO/IEC 27001, 27018 IRAP (CCSL) SOC 1, 2 CSA CCM CSA CCM SOC 1, 2, ISO/IEC 27001, 27018 IRAP (CCSL) IRAP (CCSL) SOC 1, 2 ISO/IEC 27001, 27018 ISO/IEC 27001, 27018 SOC 1, 2 SOC 1, 2
How do I get started? Identify what personal data you have and Discover 1 where it resides Govern how personal data is used Manage 2 and accessed Establish security controls to prevent, detect, Protect 3 and respond to vulnerabilities & data breaches Keep required documentation, manage data Report 4 requests and breach notifications
Discover: 1 Example solutions In-scope: Microsoft Azure Inventory: Microsoft Azure Data Catalog Enterprise Mobility + Security (EMS) • Microsoft Cloud App Security • • • • Dynamics 365 • • Audit Data & User Activity • Reporting & Analytics • • Office & Office 365 • • • Advanced Data Governance • Office 365 eDiscovery • • •
Manage: 2 Example solutions Microsoft Azure Azure Active Directory Azure Role-Based Access Control (RBAC) Data governance: Data classification: Enterprise Mobility + Security (EMS) Azure Information Protection Office & Office 365 Advanced Data Governance • • Office 365 eDiscovery • • • • Windows & Windows Server • • Microsoft Identity Manager • • Auditing and logging • • Microsoft Data Classification Toolkit • • •
Protect: 3 Example solutions Enterprise Mobility + Security (EMS) Microsoft Intune Azure Information Protection Preventing data Detecting & Multi-Factor Authentication (Azure Active Directory attacks: responding to Premium) breaches: Microsoft Advanced Threat Analytics • Office & Office 365 Data Loss Prevention • Advanced Threat Protection • • Threat Intelligence • • • • SQL Server and Azure SQL Database • • Transparent data encryption • • Always Encrypted • • Windows & Windows Server Windows Hello Credential Guard
Report: 4 Example solutions Microsoft Azure Azure Auditing & Logging Log Analytics Record-keeping: Reporting tools: Enterprise Mobility + Security (EMS) Azure Information Protection Microsoft Advanced Threat Analytics • • • Office & Office 365 • Office 365 Audit Logs • • Office 365 eDiscovery • • Windows & Windows Server • Microsoft Identity Manager • • Auditing and logging Windows Defender Advanced Threat Protection
Enterprise Mobility + Security Protect customer data both in the cloud, and on-premises, with industry-leading security capabilities Office 365 Secure your IT environment and achieve compliance with enterprise- grade user and administrative controls Windows 10 Enterprise Protect devices with industry-leading encryption, anti-malware technologies, and identity and access solutions
Partnering with you to prepare for GDPR Microsoft’s goal is to streamline your GDPR compliance through smart technology, innovation, and collaboration. Together we’ll help you build a more secure environment, Preparing simplify your compliance with the GDPR, for GDPR PR and give you the tools and resources you need to be successful.
Azure has the deepest and most comprehensive compliance coverage in the industry GLOBAL SOC 1 SOC 2 CSA STAR CSA STAR CSA STAR SOC 3 ISO 22301 ISO 9001 ISO 27017 ISO 27001 ISO 27018 Type 2 Type 2 Attestation Self-Assessment Certification US GOV Moderate High DoD DISA DoD DISA DoD DISA Section 508 SP 800-171 FIPS 140-2 ITAR CJIS IRS 1075 JAB P-ATO JAB P-ATO SRG Level 2 SRG Level 4 SRG Level 5 VPAT INDUSTRY Shared PCI DSS HIPAA / GxP IG Toolkit UK CDSA MPAA FACT UK FISC Japan MARS-E FERPA GLBA FFIEC Assessments HITRUST Level 1 HITECH Act 21 CFR Part 11 REGIONAL Argentina EU UK China China China Singapore Australia New Zealand Japan My ENISA Japan CS Spain Spain India Canada Privacy Germany IT PDPA Model Clauses G-Cloud DJCP GB 18030 TRUCS MTCS IRAP/CCSL GCIO Number Act IAF Mark Gold ENS DPA MeitY Privacy Laws Shield Grundschutz workbook
Recommend
More recommend
