Microsoft Readies Its Cloud for New EU Privacy Law

As the European Union prepares to enforce its recently updated data privacy laws, Microsoft and other providers are retrofitting their services to ensure their customers are compliant with the new regulations.

The General Data Protection Regulation (GDPR) promises greater privacy controls over how personal data gets processed for EU residents. While the law applies to residents within EU member states, it also applies if their information is used outside those states. Organizations found to be in violation of the GDPR can be subject to fines calculated as the greater of €20 million or 4 percent of an organization's annual turnover globally.

The law consists of a Regulation and a Directive, which were both passed in April of last year. The Regulation describes the protection of personal data, while the Directive is focused on the processing and movement of personal data by entities, such as companies and service providers.

The Directive, even though it's already passed, will come into effect legally for the individual EU states on May 25, 2018. Consequently, organizations worldwide have less than a year to achieve compliance with the GDPR.

Microsoft this week touted its "cloud" services as being in such a state that they will achieve full compliance with the GDPR on May 25, 2018. Services such as "Office 365, Dynamics 365, Azure, including Azure data services, Enterprise Mobility + Security, and Windows 10" will be compliant, Microsoft promised in an announcement.

In addition, Microsoft is selling its services to organizations to help them get compliant with the GDPR. Documents can be tracked and revoked using Azure Information Protection. Data can be labeled using the Office 365 Advanced Data Governance service.

Organizations should take steps today to plan for GDPR compliance. According to Microsoft, they should:

  • Discover the data that's subject to the GDPR
  • Manage how personal data is used and accessed
  • Protect the data by establishing controls, and
  • Report on data use, including plans for managing data requests and providing public notifications about breaches

Microsoft is touting its Enterprise Mobility + Security products as being helpful for carrying out those steps.

Microsoft also plans to release a new "Risk and Compliance" dashboard, indicating GDPR compliance, for organizations using its services. The dashboard, expected to arrive "later this year," will show the state of customer controls and Microsoft controls for GDPR compliance across various services, according to this screenshot:

[Click on image for larger view.] Screenshot of Microsoft's coming GDPR Risk and Compliance dashboard. (Source: Microsoft blog post.)

This week, Microsoft published a GDPR compliance section within the Microsoft Trust Center. It contains white papers published this month on the topic, as well as a video featuring Julia White, corporate vice president at Microsoft plus Brad Smith, president and chief legal officer at Microsoft. Smith noted in the video that the GDPR may become a broader standard than just for EU countries.

"We believe the GDPR is an important step forward for clarifying and enabling individual privacy rights," Smith said in the video. "And while it's a regulation for Europe, in fact, it's rapidly emerging as a new standard for the world."

In other GDPR news, Commvault, a provider of data protection and information management services, promised it can help organizations achieve compliance. Its Commvault Data Platform indexes data and can find personally identifiable information within unstructured data. It can find the information in archives, backups and endpoint protection services, as well as cloud environments, according to an announcement.

Individuals under the GDPR have the right to be forgotten, as well as the right to be notified when their information has been hacked. Organizations, on the other hand, have the right to retain data within a time frame needed to fulfill a contract or legal obligation, according to the EU's Q&A document.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • The 2019 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generation of HoloLens, here's what's on tap from Microsoft this year.

  • Microsoft Delivers 'Light' September Security Patch Bundle

    Microsoft on Tuesday released September security patches for Windows and applications, addressing 85 vulnerabilities.

  • Satellite Partners Now Connect to Azure ExpressRoute Service

    Satellite partners are working with Microsoft to extend Azure ExpressRoute's private Internet connections to organizations in isolated regions.

  • Microsoft Ending Windows Analytics in January

    The Windows Analytics suite of Windows 10 upgrade utilities will "retire" on Jan. 31, 2020, with Desktop Analytics taking its place, Microsoft announced on Friday.

RCP Update

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.