In June 2017, we alerted you via blog post that if you have GDPR questions, Azure has answers. Through a variety of listening channels, we have collected customer GDPR feedback, and have embarked in earnest on delivering the right content to customers. As part of our unwavering commitment to GDPR compliance, Azure has been busy producing collateral to help customers with their GDPR compliance needs. Azure is unmatched in the industry when it comes to addressing customers GDPR requirements, and we encourage customers to refer to the resources below when looking for GDPR answers.
1. Contractual commitment in the Online Services Terms via the inclusion of GDPR terms.
- The GDPR requires that a controller only use a processor that guarantees it will “implement appropriate technical and organizational measures” such that the rights of data subjects are protected and the processing requirements of the GDPR are satisfied. In the context of Azure, Microsoft is a processor and its customer is the controller. The contract agreement also covers Microsoft’s role as a subprocessor as explained in GDPR Terms (Attachment 4).
2. Azure GDPR landing page provides essential information to customers on how to get started with GDPR compliance. It also links to the updated main Microsoft GDPR landing page for additional resources.
3. Assessment tools
- Customer tool: Online self-evaluation tool with 26 questions intended to help customers review their overall level of readiness for GDPR compliance. The tool has been translated into German, French, Spanish, and Italian.
- Partner tool: Detailed assessment tool with 125 questions partners can use for customer assessments. Questions and answers are stored in an Excel spreadsheet, with a corresponding Power BI dashboard for comprehensive visualization. The GDPR Detailed Assessment is intended to assist partners in facilitating customer assessments.
4. Technical white papers
- Learn how to discover personal data with Azure: This article provides guidance on how to discover, identify, and classify personal data in several Azure services, including Azure Data Catalog, Azure Active Directory, SQL Database, Power Query for Hadoop clusters in Azure HDInsight, Azure Information Protection, Azure Search, and SQL queries for Azure Cosmos DB.
- Learn how to manage personal data with Azure: This article provides guidance on how to correct, update, delete, and export personal data in Azure Active Directory and Azure SQL Database.
- Learn how to protect personal data with Azure: This article provides pointers to other documentation to help customers use Azure security technologies and services to protect personal data.
- Learn how to document and report personal data with Azure: This article discusses how to use Azure reporting services and technologies to help protect privacy of personal data.
5. Mainstream white papers
- How Azure can help organizations become compliant with the GDPR: Provides links to online documentation to help customers meet GDPR requirements outlined in Articles 7, 9, 15, 20, 25, 30, 32, 33, and 46.
- Guide to enhancing privacy and addressing GDPR requirements with the Microsoft SQL Platform: Provides specific guidance with links to online documentation for addressing GDPR requirements in Articles 25, 30, 32, 33, and 35. Covers Azure SQL Database, Azure SQL Data Warehouse, SQL Server on Azure Virtual Machines, and other Microsoft SQL related technologies.
- Supporting your GDPR compliance journey with Microsoft EMS: Describes how Microsoft Enterprise Mobility and Security (EMS) suite can help customers address key GDPR scenarios including data protection, data access restriction, data control in cloud apps, and detection of data breaches.
- Beginning your GDPR journey: Provides introduction to GDPR across four pillars (Discover, Manage, Protect, Report) applicable to Microsoft online services.
- GDPR overview: Provides high-level overview of GDPR structured as a series of questions and answers.
- Data classification: Azure data classification for cloud readiness including references to GDPR.
- Accelerate GDPR compliance with Microsoft Cloud: eBook that covers key GDPR requirements across Microsoft Online Services, including Azure. Provides a rollup of the content from the GDPR Assessment Tool.
6. Partner resources
- Available from the GDPR partner network.
Stay tuned for additional white papers, tools, and workshops that we will be releasing in the coming months.