Achieving compliance with the General Data Protection Regulation (GDPR), the new data privacy law from the European Union (EU), is not a one-time activity but an ongoing process. When the GDPR goes into effect on May 25, 2018, individuals will have greater control over their personal data. Additionally, the GDPR imposes new obligations on organizations that collect, handle, or analyze personal data. Implementing the right processes and organizational changes to comply with the GDPR will not be an easy task, but Microsoft is here to help. With 10 chapters, 99 articles, and 160 requirements, the GDPR is a complex law, and implementing all of it will be a challenge, so Microsoft has created a highly detailed guide.
Our colleagues from Microsoft France recently published a detailed implementation guide, GDPR - Get organized and implement the right processes, available in both English and French. The guide provides customers with a methodology for creating and executing a GDPR compliance program in their organization. It describes the necessary steps for achieving GDPR compliance through a plan, do, check, act (PDCA) approach using Microsoft Cloud services such as Azure, as shown in the diagram below.
Figure 1: Consolidated view of the main GDPR related activities to be carried out, grouped by main categories.
For example, the guide explains when and how to create a data protection impact analysis (DPIA), describes what approval process should be put in place, what governance model should be applied, and what the role of a Data Protection Officer (DPO) is in the context of the GDPR.
Further information about how Azure helps you to successfully address the requirements of your GDPR compliance preparation is available at the Microsoft Azure GDPR web page on our Microsoft Trust Center.