
Protecting privacy in Microsoft Azure: GDPR, Azure Policy Updates

Posted on 30 August, 2018

Senior Director, Microsoft Azure

Today more than ever, privacy is of critical importance in the technology industry. Microsoft has an enduring commitment to protect data privacy, not as an afterthought, but built into Microsoft Azure from the ground up. Microsoft designed Azure with industry-leading security controls, compliance tools, and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. These also help you comply with other important global and regional privacy standards such as ISO/IEC 27018, EU-U.S. Privacy Shield, EU Model Clauses, HIPAA/HITECH, and HITRUST.

When you build on Azure’s secure foundation, you accelerate your move to the cloud by achieving compliance more readily, allowing you to enable privacy-sensitive cloud scenarios, such as financial and health services, with confidence.

In this episode, we describe key tools in Azure that help you achieve your privacy goals, including:

  • The Azure Data Subject Requests for the GDPR portal, which provides step-by-step guidance on how to comply with GDPR requirements to find and act on personal data that resides in Azure. This capability to execute data subject requests is available through the Azure portal on our public and sovereign clouds, as well as through pre-existing APIs and UIs across the breadth of our online services.
  • Azure Policy, which is deeply integrated into Azure Resource Manager, helps your organization enforce policy across resources. With Azure Policy you can define policies at an organizational level to manage resources and prevent developers from accidentally allocating resources in violation of those policies. You can use Azure Policy in a wide range of compliance scenarios, such as ensuring that your data is encrypted or remains in a specific region to comply with the GDPR.
  • Compliance Manager, which is a free workflow-based risk assessment tool, can help you manage regulatory compliance within the shared responsibility model of the cloud. It delivers a dashboard view of standards, regulations, and assessments that contain Microsoft control implementation details and test results as well as customer-managed controls. This enables you to track, assign, and verify your organization's regulatory compliance activities.
  • Azure Information Protection, which offers file-share scanning for on-premises servers to discover sensitive data, can enable you to label, classify, and protect it, thereby improving organizational data governance.
  • Azure Security Center, which provides unified security management and advanced threat protection. Integration with Azure Policy enables you to apply security policies across hybrid cloud workloads to enable encryption, limit organizational exposure to threats, and respond to attacks.
  • Azure Security and Compliance GDPR Blueprint, which can help you build and launch cloud applications that meet GDPR requirements. You can leverage our common reference architectures, deployment guidance, GDPR article implementation mappings, customer responsibility matrices, and threat models to simplify adoption of Azure in support of your GDPR compliance initiatives.

Learn more on the Service Trust Portal about how Microsoft can help you meet GDPR requirements. Read more about our steadfast commitment to privacy at Microsoft.