Presentation is loading. Please wait.

Presentation is loading. Please wait.

Understanding EU GDPR from an Office 365 perspective

Published byClementine Watts Modified over 6 years ago

Similar presentations

Presentation on theme: "Understanding EU GDPR from an Office 365 perspective"— Presentation transcript:

1 Understanding EU GDPR from an Office 365 perspective
5/29/2018 9:54 AM THR2180 Understanding EU GDPR from an Office 365 perspective Paolo Pialorsi Senior Consultant – PiaSys.com © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Agenda Why GDPR compliancy matters? Office 365 and GDPR
From an IT perspective Office 365 and GDPR GDPR Activity Hub

3 Why GDPR compliancy matters?

4 What is GDPR? GDPR = General Data Protection Regulation
Regulation (EU) 2016/679 It’s a regulation not a directive Regulation: Immediately applicable and enforceable by law in all Member States Directive: needs to be transposed into national law by Member States Scope: protection of data for all individuals in the EU

5 I’m outside EU, does it matter for me?
Yes it does! If you process, hold, store, manage personal data of any EU resident … … you need to be compliant with GDPR! Regardless where you are and where your business is located!

6 Common definitions Data Subject: an identified or identifiable natural person Personal Data: any information relating to a Data Subject Processing: any operation or set of operations which is performed on Personal Data or on sets of Personal Data

7 GDPR Roles Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data Data Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller Data Protection Officer: provides guidance on the implementation of appropriate measures and on the demonstration of compliance

8 Key changes under GDPR Personal Privacy Controls and notifications
Individuals have the right to: Access their personal data Correct errors in their personal data Erase their personal data Object to processing of their personal data Export personal data Controls and notifications Organizations will need to: Protect personal data using appropriate security Notify authorities of personal data breaches Obtain appropriate consents for processing data Keep records detailing data processing Transparent policies Organizations are required to: Provide clear notice of data collection Outline processing purposes and use cases Define data retention and deletion policies IT and training Train privacy personnel and employees Audit and update data policies Employ a Data Protection Officer (if required) Create and manage compliant vendor contracts

9 Some IT requirements You need to keep track of events like:
Data Breaches Data Consent Data Consent Withdrawal Identity Risks/Theft Data Processing Data Archived You need to collect requests for: Data Access Data Correction Data Export Data Processing Objection Data Erase

10 Just to make an example …
As soon as the controller becomes aware that a personal data breach has occurred, the controller should notify the personal data breach to the supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it A supervisor authority can be a data protection authority (DPA) Thus, you will need a workflow process for Data Breaches!

11 Office 365 and GDPR

12 In February 2017, Microsoft announced that its cloud services will comply with GDPR by May 25, 2018

13 Main capabilities of Office 365 for GDPR compliancy
5/29/2018 9:54 AM Main capabilities of Office 365 for GDPR compliancy Tooling Data Loss Prevention (DLP) Advanced Data Governance Office 365 eDiscovery Customer Lockbox Logging Advanced Threat Protection Threat Intelligence Advanced Security Management Office 365 audit logs Reporting Security & Compliance Reports Risk & Compliance Dashboard © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 GDPR Activity Hub

15 What is the GDPR Activity Hub?
Reference solution for Partners and Customers Ready to go portal Open source, related to the SharePoint PnP Project Based on tools, techniques, and patterns promoted by PnP Allows easy management of GDPR tasks and phases Based on Office 365 and SharePoint Online Showcase of Microsoft technologies’ capabilities

16 Involved Technologies
SharePoint Online modern sites SharePoint Framework client-side web parts Office 365 Groups/Microsoft Teams Remote provisioning Power BI

17 Main Functionalities GDPR Dashboard
Data repository based on SharePoint Online Custom pages for data management Insert Request client-side web part Insert Event/Incident client-side web part Basic sample flows for tasks management Tasks Management client-side web part GDPR Hierarchy client-side web part General capabilities

18 General Capabilities Automated setup and provisioning
General documentation Customizable model Open for community contribution It’s open source!

19 Demo Lap around GDPR Activity Hub

20 Wrap up! Be prepared for GDPR
Almost every business is impacted! Start the assessment of your IT infrastructure Give an eye to the GDPR Activity Hub

21 Thank you!

22 Please evaluate this session
Tech Ready 15 5/29/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite Phone: download and use the Microsoft Ignite mobile app Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 5/29/2018 9:54 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Understanding EU GDPR from an Office 365 perspective"

Similar presentations

Create beautiful, fast, interactive pages in SharePoint

Create beautiful, fast, interactive pages in SharePoint
Building Compliant Team Sites

Building Compliant Team Sites
Azure on Steroids: Full Automation with PowerShell

Azure on Steroids: Full Automation with PowerShell
Cloud Security IS Application-Centric Security

Cloud Security IS Application-Centric Security
6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee Welly.Lee@microsoft.com.

6/5/2018 1:30 PM THR1029 Spend less time managing data and more time with customers: Quick tour of Outlook Customer Manager Welly Lee
Microsoft 365 Get help with regulatory compliance

Microsoft 365 Get help with regulatory compliance
Azure Cloud Shell Magic of Modern Command-line Management

Azure Cloud Shell Magic of Modern Command-line Management
6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.

6/19/2018 2:57 AM THR3092 Monitor and investigate actions on your user and data with alerts, insights and reports Binyan Chen Program Manager II, Office.
Azure SDKs and Tools for You

Azure SDKs and Tools for You
6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,

6/26/2018 5:24 AM THR1083 Enabling Advanced Security Capabilities: Drive consistent authorization across multiple applications Bryan Bolling Solution Architect,
Do more with Microsoft Word and Office 365

Do more with Microsoft Word and Office 365
Decoding audit events in Microsoft Office 365

Decoding audit events in Microsoft Office 365
Optimizing Microsoft OneDrive for the enterprise

Optimizing Microsoft OneDrive for the enterprise
Build data-driven solutions using Microsoft Visio

Build data-driven solutions using Microsoft Visio
What a Real, Functioning DevOps Team Looks Like

What a Real, Functioning DevOps Team Looks Like
Protect sensitive information with Office 365 DLP

Protect sensitive information with Office 365 DLP
8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.

8/6/2018 3:21 AM THR2261 Groups, and Teams and Sites, Oh My! The Ultimate Office 365 Groups Teardown John Peluso SVP Product Strategy, AvePoint Inc. Microsoft.
SQL Server on Linux on All-Flash Arrays

SQL Server on Linux on All-Flash Arrays
Microsoft Planner: How to manage your team’s work in Office 365

Microsoft Planner: How to manage your team’s work in Office 365
Excel and Power BI Better Together Democratization of data

Excel and Power BI Better Together Democratization of data

Similar presentations

Ads by Google