Office 365 And GDPR Compliance – A Match Made In The Cloud


From May 25th 2018 (which is just 67 days away!), all businesses and organisations operating inside or dealing with the data of citizens from the European Union must follow the General Data Protection Regulation, or GDPR for short. We’ve talked a bit about what GDPR is and how it will affect your business before, and you can read all about that by clicking here. But in a nutshell, it’s designed to safeguard the personal data of all EU citizens. So, if you’re handling, processing or even looking at data belonging to EU citizens, you’re required to comply. If you don’t meet the requirements of GDPR security, you could be fined up to 4% of your company’s annual global turnover, or up to €20 million – whichever is higher. For any business that has customers inside the EU, including giants like Microsoft, making sure all of their software is compliant is critical.

Understanding Data In Office 365

The definitions of personal data and processing under GDPR are quite broad – and intentionally so. But this does mean that it’s been difficult for many businesses to understand exactly where their data is, what they do with it and if they need to do anything to make it compliant. To bring this into more real-world terms, personal information may be stored in any number of applications – including Office 365, the most popular choice for business software. This could include:

  • Annual reviews for employees, which could be stored in SharePoint or OneDrive for Business.
  • A list of applicants for a position in your business, which may be stored in an Excel spreadsheet.
  • Tables holding all sorts of data, such as names, national insurance numbers, hire dates and salaries, could be found in SharePoint.
  • Contracts, held in Word files and attached to emails.

And so on. In fact, many businesses store up to 85% of their data in cloud-based software solutions, such as Office 365. This means that, in terms of regulatory adherence, you may already be compliant with GDPR. Even if your data is in the cloud, Microsoft has a duty to ensure that GDPR is met – and that transfers down to the end user. Of course, it doesn’t help in terms of being able to find and delete data if you’re asked to under the Right To Be Forgotten – you need a good data governance system for that.

In-Built Data Governance

Thankfully, there are already tools in place that will help you track and manage personal data within Office 365. The teams at Microsoft have been working hard to ensure that finding, tracking and destroying certain types of data is as simple as possible for its users. To do this, they have installed a variety of data governance capabilities and frameworks in their software suites, including:

  • Classification labels and policies, to mark content that holds personal data and make it easily recognisable.
  • Auto-label policies, which find and classify personal data as defined by GDPR. Retention processing capabilities can then remove any items stamped with the GDPR label from mailboxes and sites after a defined period of time – usually after a manual disposition process.
  • Intelligent content searches, which find personal data marked as coming under the scope of GDPR.
  • Alert policies, which automatically detect actions that might be against GDPR.
  • Searches of the full Office 365 audit log to help you discover and report potential GDPR issues.
  • Azure Information Protection labels to encrypt documents and spreadsheets holding personal data. They do this by applying RMS templates, so that unauthorised people can’t read the documents even if they are leaked outside the organisation.

At the end of the day, the fact that the base software needs to be compliant is really good news for businesses who use their services – as it means several areas of your business will be compliant by default. You can find out more about how Microsoft Office 365 products can help you be GDPR compliant by clicking here.

At ACT Systems, we are proud to be a Microsoft Cloud Accelerator Partner. This means that we can analyse your current operations, identify the right Microsoft solution for you, and help you move your operations into the cloud. There is so much more to the 365 platform than just email and storage, and our experts can help you unlock the potential and make dramatic improvements to your business. We can even provide training and ongoing support, so you will never feel lost in the IT fog again. For more information, you can read our Microsoft Office 365 factsheet here, or get in touch with one of the team today.