The General Data Protection Regulation (GDPR), which began as a regulatory requirement, is increasingly seen as a long-term opportunity to establish greater trust with customers and further unlock employee collaboration and productivity in many businesses. The intelligent compliance solutions in Microsoft 365 help you assess and manage your compliance risks and leverage the cloud to identify, classify, protect, and monitor sensitive data residing in hybrid and heterogeneous environments to support GDPR compliance.
Updates in Microsoft 365—
- Compliance Manager general availability for Azure, Dynamics 365, and Office 365 Business and Enterprise customers in public clouds.
- Compliance Score availability for Office 365.
- Azure Information Protection scanner general availability.
In addition to the updates announced today, capabilities in Microsoft 365 help to:
- Protect sensitive data in apps and across cloud services.
- Support data protection across platforms.
- Provide a consistent labeling schema experience (in preview).
We’re also going to expand sensitive data types to include a GDPR template to consolidate sensitive data types into a single template.
These Microsoft 365 updates and capabilities are designed to provide you with an information protection strategy to help with GDPR compliance.
“GDPR is coming. But with Microsoft’s information protection solutions, we will have a more efficient way to handle compliance.”
Erlend Skuterud, chief information security officer for Yara
Assess and manage compliance risk with Compliance Manager
Because achieving organizational compliance can be very challenging, we suggest organizations periodically perform risk assessments to understand their compliance posture. Compliance Manager is a cross–
“Compliance Manager really adds great additional value for Microsoft Cloud services by providing insights on the relationships between regulation, processes, and technology,” stated IT manager Nick Postma from Abrona, a Dutch healthcare organization that helps clients on their journey to becoming strong and confident members of society through social partnerships.
Perform risk assessments with Compliance Score
Learn more about the key capabilities and updates for Compliance Manager and Compliance Score at our Tech Community blog.
Protect sensitive data on-premises
Azure Information Protection scanner addresses hybrid and on-premises scenarios by allowing you to configure policies to automatically discover, classify, label, and protect documents in your on-premises repositories such as File servers and on-premises SharePoint servers. The scanner can be configured to periodically scan on-premises repositories based on company policies. Azure Information Protection scanner is now generally available.
Protect sensitive data in apps and across cloud services
Since data travels through many locations—
Microsoft Cloud App Security (MCAS) can read files labeled by Azure Information Protection and set policies based on the file labels. For example, a file labeled as Confidential, with an associated policy of “do not forward or copy,” cannot leave your network via file sharing apps like Box.net or Dropbox. In addition, the service scans and classifies sensitive files in cloud apps and automatically applies AIP labels for protection—
Support for data protection across platforms
As part of our information protection vision, our goal is to cover all major device platforms. Building on our efforts to support non-Windows platforms, we are now previewing the ability to label and protect sensitive data natively, with no plugins required, in Office applications running on Mac devices. This enables Mac users to easily classify, label, and protect Word, PowerPoint, and Excel documents in a similar manner that you are used to with the Azure Information Protection client on Windows. Considering that a significant amount of sensitive information is in PDF format, as part of our ongoing partnership, we are in the process of working with Adobe to have the same consistent labeling and protection of PDFs available in Adobe Reader.
To learn more about these new information protection capabilities, visit the Enterprise Mobility + Security blog.
Consistent labeling schema experience now in preview
We are previewing a consistent labeling schema that will be used across information protection solutions in Microsoft 365. To start, this means that the same default labels will be used across both Office 365 and Azure Information Protection—
The consistent labeling model also helps ensure that sensitive labels—
“Microsoft’s information protection capabilities help you protect and manage your sensitive data throughout its lifecycle—
inside and outside the organization,” stated an analyst from KuppingerCole, an international and independent analyst organization headquartered in Europe.
Detect and classify personal data relevant to GDPR
The ability to automatically classify personal data is a critical part of helping you achieve your GDPR goals. Today, we have over 80 out-of-the-box sensitive information types that can be used to detect and classify your data. Soon we will provide a GDPR sensitive information type template to help detect and classify personal data relevant to GDPR. The upcoming GDPR sensitive information type template will help consolidate our sensitive data types into a single template—
To learn more about the current sensitive information types, read “What the sensitive information types look for.” To learn more about how to create and customize your own sensitive information types, read “Create a custom sensitive information type.”
For sensitive emails, Microsoft 365 enables users to collaborate on protected messages with anyone inside or outside the organization via Office 365 Message Encryption. To provide more flexibility over controlling and protecting personal information shared in sensitive emails, we are rolling out the new encrypt-only policy in Office 365 Message Encryption starting today. Read further about this and other updates in our Tech Community blog.
Get started on your GDPR journey with Microsoft 365
The Microsoft Cloud is uniquely positioned to help you meet your GDPR compliance obligations. Our cloud solution is built for power, scale, and flexibility. Microsoft 365 brings together Office 365, Windows 10, and Enterprise Mobility + Security—
No matter where you are in your GDPR efforts, the Microsoft Cloud and our intelligent compliance solutions in Microsoft 365 can help you on your journey to GDPR compliance. Learn more about how Microsoft can help you prepare for the GDPR and take our free online GDPR assessment. Get started with your organization’s information protection planning by downloading our free white paper and eBook.