New capabilities to enable robust GDPR compliance

Today marks the beginning of enforcement of the EU General Data Protection Regulation (GDPR), and I’m pleased to announce that we have released an unmatched array of new features and resources to help support compliance with the GDPR and the policy needs of Azure customers.

New offerings include the general availability of the Azure GDPR Data Subject Request (DSR) portal, Azure Policy, Compliance Manager for GDPR, Data Log Export, and the Azure Security and Compliance Blueprint for GDPR.

In our webcast today, President Brad Smith outlined our commitment to making sure that our products and services comply with the GDPR, including having more than 1,600 engineers across the company working on GDPR projects. As Brad noted, we believe privacy is a fundamental human right, and that individuals must be in control of their data. So I am pleased that Azure is part of keeping that commitment by being the only hyperscale cloud provider to offer the level of streamlined mechanisms and tools for GDPR compliance enforcement we are announcing today.

Azure Data Subject Request (DSR) portal enables you to fulfill GDPR requests. The DSR capability is generally available today through the Azure portal user interface, as well as through pre-existing application programming interfaces (APIs) and user interfaces (UIs) across the breadth of our online services. These capabilities allow customers to respond to requests to access, rectify, delete, and export personal data in the cloud. In addition, Azure enables customers to access system-generated logs as a part of Azure services.

Azure Policy enables you to set policies to conform to the GDPR. Azure Policy is generally available today at no additional cost to Azure customers. You can use Azure Policy to define and enforce policies that help your cloud environment become compliant with internal policies as well as external regulations.

Azure Policy is deeply integrated into Azure Resource Manager and applies across all resources in Azure. Individual policies can be grouped into initiatives to quickly implement multiple rules. You can also use Azure Policy in a wide range of compliance scenarios, such as ensuring that your data is encrypted or remains in a specific region as part of GDPR compliance. Microsoft is the only hyperscale cloud provider to offer this level of policy integration built in to the platform for no additional charge.

Extend Azure Policies for the GDPR into Azure Security Center. Azure Security Center provides unified security management and advanced threat protection to help meet GDPR security requirements. With Azure Policy integrated into Security Center, you can apply security policies across your workloads, enable encryption, limit your exposure to threats, and respond to attacks.

The Azure Security and Compliance GDPR Blueprint accelerates your GDPR deployment. This new Azure Security and Compliance Blueprint will help you build and launch cloud-powered applications that meet GDPR requirements. It includes common reference architectures, deployment guidance, GDPR article implementation mappings, customer responsibility matrices, and threat models that enable you to quickly and securely implement cloud solutions.

Compliance Manager for Azure helps you assess and manage GDPR compliance. Compliance Manager is a free Microsoft cloud services solution designed to help organizations meet complex compliance obligations, including the GDPR, ISO 27001, ISO 27018, and NIST 800-53. Generally available today for Azure customers, the Compliance Manager GDPR dashboard enables you to assign, track, and record your GDPR compliance activities so you can collaborate across teams and manage your documents for creating audit reports more easily. Azure is the only hyperscale cloud provider with this functionality.

Azure GDPR support and guidance help you stay compliant. Our GDPR sites on the Service Trust Portal and the Trust Center provide you with current information about Microsoft services that support the requirements of the GDPR. These include detailed guidance on conducting Data Protection Impact Assessments in Azure, fulfilling DSRs in Azure, and managing Data Breach Notification in Azure for you to incorporate into your own GDPR accountability program.

Global Regions help you meet your data residency requirements. Azure has more global regions than any other cloud provider, offering the scale you need to bring applications closer to people around the world, preserve data residency, and give customers the confidence that their data is under their control.

Microsoft has a long-standing commitment to privacy and was the first cloud provider to achieve certification for the EU Model Clauses and ISO/IEC 27018, and was the first to contractually commit to the requirements of the GDPR. Azure offers 11 privacy-focused compliance offerings, more than any other cloud provider. We are proud to be the first to offer customers this level of GDPR functionality.

Through the GDPR, Azure has strengthened its commitment to be first among cloud providers in providing a trusted, private, secure, and compliant private cloud. We are continuing to build and release new features, tools, and supporting materials for our customers to comply with the GDPR and other important standards and regulations. We are proud to release these new capabilities and invite you to learn more in the Azure portal today.