The General Data Protection Regulation (GDPR) officially goes into effect on May 25. Will your organization be ready?
Very soon, the GDPR will replace the Data Protection Directive as the new global standard on data privacy for all government agencies and organizations that do business with European Union (EU) citizens. When it does, all organizations that control, maintain, or process information involving EU citizens will be required to comply with strict new rules regarding the protection of personal customer data. For companies that store and manage data in the cloud, assuming existing infrastructure will remain compliant with new regulatory requirements might result in significant fines.
It’s important to understand that the differences between the new GDPR and the Data Protection Directive could impact your cloud data and security controls. For example, GDPR’s broad interpretation of what constitutes personal information leaves relevant agencies and organizations responsible for providing “reasonable” protection for a wider range of data types, including genetic and biometric data. More than ever, this regulatory transition highlights the importance of implementing a comprehensive cloud security strategy for your company.
According to a recent GDPR benchmarking survey, although 89 percent of organizations have (or plan to have) a formal GDPR-readiness program, only 45 percent have completed a readiness assessment. At Microsoft, we’ve been preparing for GDPR compliance for the better part of a year and empowering our customers to do the same. Because Microsoft has extensive experience developing cloud solutions with security built-in, we’ve become a leading voice on solving GDPR-related privacy challenges in the cloud.
Now, we’ve turned this experience and insight into a free, four-part video series, Countdown: Preparing for GDPR. Be sure to watch GDPR and Azure to learn more from David Burt, Senior Compliance Marketing Manager for Azure. You can also read more about our point of view on this transition as the first hyper-scale cloud vendor to offer GDPR terms and conditions in the enterprise space.