GDPR, the EU’s new set of data protection laws, is coming in May of 2018. It is a complete overhaul of how user data is processed by companies and will supersede Irish law, consolidating Europe’s various national laws into one comprehensive regulation. GDPR is all about accountability, and as such, places equal responsibility on both businesses that hold EU data and any third-party providers that may process or hold data on their behalf. In practical terms, that means that if you outsource any aspect of your business, such as payroll to an external HR company, then both parties must be GDPR-compliant, even if the outsourced company is not based in or even near the EU. So what does this mean for companies that outsource data processing or host data in the cloud outside the EU? Well, it means Microsoft’s suite of cloud services such as Office 365, SharePoint and Azure are now looking a lot more appealing, as Microsoft are offering contractual commitments to their clients to comply with the GDPR in time for the May 2018 deadline.
Microsoft Cloud has promised to be GDPR-compliant as deadline looms
According to Rich Sauer, Microsoft’s Corporate Vice President, “Trust is central to Microsoft’s mission to empower every person and every organisation on the planet to achieve more. So that you can trust the Microsoft products and services you use, we take a principled approach with strong commitments to privacy, security, compliance and transparency.”
Sauer went on, “To further earn your trust, we are making contractual commitments available to you that provide key GDPR-related assurances about our services. Our contractual commitments guarantee you can:
– Respond to requests to correct, amend or delete personal data
– Detect and report personal data breaches
– Demonstrate your compliance with the GDPR
Microsoft is the first global cloud services provider to publicly offer you these contractual commitments. We believe privacy is a fundamental right. The GDPR is an important step forward to further clarify and enable individual privacy rights and look forward to sharing additional updates how we can help you comply with this new regulation and, in the process, advance personal privacy protections.”
This announcement is big GDPR news, as the many companies who use Microsoft cloud products can rest easy knowing they won’t have to move their data, systems or processes away from current providers who may not be based in the EU. Businesses that do have any data or systems hosted outside the EU will have to check with their providers that they can guarantee GDPR compliance, or move them to a provider (such as Microsoft) that can grant those assurances. With Office 365 for email, SharePoint for files and Azure for cloud-hosted servers, Microsoft will become more appealing to small and medium businesses who wish to have peace of mind about the GDPR.
For more information, you can view Microsoft’s Trust Centre, which has all the information regarding their contractual commitments to GDPR compliance and the increased security measures for Office 365. Office 365 admins can also log in to the Security & Compliance Centre, particularly the Service Assurance tab. And of course, if you’re concerned about the wider GDPR and the changes it will bring for businesses, there are additional resources and information on our own GDPR for Businesses page.