Microsoft Adds GDPR Improvements to Office 365, Azure

With the European Union's General Data Protection Regulation (GDPR) requirements set to become law on May 25, Microsoft is working to get its cloud services and customers compliant.

The company last week announced some tooling enhancements to help organizations using Azure and Office 365 services meet GDPR requirements. The improvements are aimed at ensuring that both Microsoft's services and the organizations using them will be GDPR-compliant by the law's enforcement date.

The GDPR is a data privacy law that stipulates how the data of EU residents should be handled by organizations. Individuals can request information about stored data, and ask that it be modified or deleted by the organization. The organization, in GDPR lingo, is known as a "data controller." The law even applies to organizations located outside the EU. There are stiff fines for data privacy violators, up to €20 million or 4 percent of an organization's annual revenue turnover, whichever is greater.

Some of the Microsoft tools supporting GDPR compliance include:

Last week, Microsoft announced that it released a preview of a new Data Subject Access Request interface in the Security and Compliance Center via a new tab addition, as well as in the Azure Portal.

The Data Subject Access Request interface is also available in the Service Trust Portal, according to an announcement by the Microsoft 365 team. The Service Trust Portal also has new "Breach Notification" documentation. The portal will be getting a "Data Protection Impacts Assessments" section in coming weeks, according to this Microsoft Tech Community post.

A Data Subject Access Request gets carried out by an organization when a person makes a request, such as to provide the data that's been stored or to delete or modify the data. The individual can also request that the data be provided in an electronic format that can be "moved another data controller," according to Microsoft.

The new Data Subject Access Request interface preview lets organizations perform a search for "relevant data across Office 365 locations." It will search across "Exchange, SharePoint, OneDrive, Groups and now Microsoft Teams." It exports the data for review "prior to being transferred to the requestor," Microsoft explained.

The Data Subject Access Request interface preview also works with Microsoft's Advanced Data Governance service, so it can be event based. Here's how the Office 365 team explained the matter:

One DSR scenario an organization may encounter is when a departing employee requests that their data is provided to them. To help with this scenario and others like it, the Event-based retention feature of Advanced Data Governance is now generally available for Office 365 E5 customers.

Microsoft is promising that the Data Subject Access Request capabilities will be out of preview before the May 25 deadline. Microsoft is also promising that IT pros will be able to "execute DSRs against system-generated logs."

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


  • Windows Autopilot for HoloLens 2 Hits Preview

    Windows Autopilot, Microsoft's PC self-provisioning program, is now being tested for use with the company's mixed-reality headset, the HoloLens 2.

  • Signs Point to Microsoft Charging for Use of APIs

    There are indications that Microsoft is mulling charging customers for software that uses its application programming interfaces.

  • The 2020 Microsoft Product Roadmap

    From the next major update to Windows 10 to the next generations of .NET and PowerShell, here's what's on tap from Microsoft this year.

  • Microsoft Extends Azure Hybrid Benefit Licensing to Linux

    Microsoft has expanded its Azure Hybrid Benefit licensing program to include Linux servers, particularly Red Hat Enterprise Linux or SUSE Linux Enterprise servers.