Understanding EU GDPR from an Office 365 perspective

Presentation transcript:

Understanding EU GDPR from an Office 365 perspective
THR2180, 5/29/2018 9:54 AM
Paolo Pialorsi, Senior Consultant – PiaSys.com
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Agenda Why GDPR compliancy matters? Office 365 and GDPR From an IT perspective Office 365 and GDPR GDPR Activity Hub

Why GDPR compliancy matters?

What is GDPR?
- GDPR = General Data Protection Regulation
- Regulation (EU) 2016/679
- It’s a regulation, not a directive
  - Regulation: immediately applicable and enforceable by law in all Member States
  - Directive: needs to be transposed into national law by Member States
- Scope: protection of data for all individuals in the EU

I’m outside EU, does it matter for me?
- Yes it does!
- If you process, hold, store, manage personal data of any EU resident, you need to be compliant with GDPR!
- Regardless where you are and where your business is located!

Common definitions
- Data Subject: an identified or identifiable natural person
- Personal Data: any information relating to a Data Subject
- Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data

GDPR Roles
- Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data
- Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller
- Data Protection Officer: provides guidance on the implementation of appropriate measures and on the demonstration of compliance

Key changes under GDPR

Personal privacy
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data

Controls and notifications
Organizations will need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches
- Obtain appropriate consents for processing data
- Keep records detailing data processing

Transparent policies
Organizations are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies

IT and training
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (if required)
- Create and manage compliant vendor contracts

Some IT requirements

You need to keep track of events like:
- Data Breaches
- Data Consent
- Data Consent Withdrawal
- Identity Risks/Theft
- Data Processing
- Data Archived

You need to collect requests for:
- Data Access
- Data Correction
- Data Export
- Data Processing Objection
- Data Erase

Just to make an example …
- As soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it
- A supervisory authority can be a data protection authority (DPA)
- Thus, you will need a workflow process for Data Breaches!

Office 365 and GDPR

In February 2017, Microsoft announced that its cloud services will comply with GDPR by May 25, 2018

Main capabilities of Office 365 for GDPR compliancy

Tooling
- Data Loss Prevention (DLP)
- Advanced Data Governance
- Office 365 eDiscovery
- Customer Lockbox

Logging
- Advanced Threat Protection
- Threat Intelligence
- Advanced Security Management
- Office 365 audit logs

Reporting
- Security & Compliance Reports
- Risk & Compliance Dashboard

GDPR Activity Hub

What is the GDPR Activity Hub?
- Reference solution for Partners and Customers
- Ready to go portal
- Open source, related to the SharePoint PnP Project: https://github.com/SharePoint/sp-dev-gdpr-activity-hub
- Based on tools, techniques, and patterns promoted by PnP
- Allows easy management of GDPR tasks and phases
- Based on Office 365 and SharePoint Online
- Showcase of Microsoft technologies’ capabilities

Involved Technologies
- SharePoint Online modern sites
- SharePoint Framework client-side web parts
- Office 365 Groups/Microsoft Teams
- Remote provisioning
- Power BI

Main Functionalities
- GDPR Dashboard
- Data repository based on SharePoint Online
- Custom pages for data management
- Insert Request client-side web part
- Insert Event/Incident client-side web part
- Basic sample flows for tasks management
- Tasks Management client-side web part
- GDPR Hierarchy client-side web part
- General capabilities

General Capabilities
- Automated setup and provisioning
- General documentation
- Customizable model
- Open for community contribution
- It’s open source!

Demo: Lap around GDPR Activity Hub

Wrap up!
- Be prepared for GDPR
- Almost every business is impacted!
- Start the assessment of your IT infrastructure
- Take a look at the GDPR Activity Hub

Thank you!

Please evaluate this session
- PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations
- Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp
- Your input is important!
