GDPR

In May 2018, a European privacy law, the General Data Protection Regulation (GDPR), is due to take effect. The GDPR imposes new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents. The GDPR applies no matter where you are located.

Although IT is certainly critical in achieving compliance, the GDPR goes way beyond the IT department – but you’ll definitely require IT to help you shape the processes and engineer systems to establish “privacy by design” and implement record-keeping duties. You will, of course, need highly qualified people, trained to know exactly which requirements to meet and what processes to put in place to achieve compliance. Still, there will be many other people whose jobs involve working with data, who tend to be more aware of the opportunities than of the risks this presents.

Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-U.S. Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We want to help you focus on your core business while efficiently preparing for the GDPR.

Microsoft is committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018, and provides GDPR-related assurances in our contractual commitments.

https://www.microsoft.com/en-us/trustcenter/compliance/eu-model-clauses

Cloudacity Bvba uses Microsoft 365 and Microsoft Azure services in a strategic subcontracting partnership in which Microsoft acts in the role of processor.

How can Microsoft Office 365 and Microsoft Azure help you to achieve compliance?

Microsoft Office 365 offers a complete, intelligent end-to-end protection toolkit, and applies to every part of your chain of security measures.

Exchange Online Protection helps to protect information with advanced capabilities. Anti-malware and anti-spam filters protect your mailboxes. Exchange Online runs on redundant servers, and a team of security experts around the world monitors it day and night to protect your data.

Office 365 Advanced Threat Protection helps secure your mailboxes, files, online storage and applications against new, advanced attacks. With Secure Attachments you can prevent malicious attachments from affecting your e-mail environment, even if the signatures of the attachments are not known. All suspicious content goes through real-time, behavior-based malware analysis in which machine learning techniques check the content for suspicious activity. Unsafe attachments are isolated in a sandbox before being sent to recipients. Safe Links is an extension of this and protects your environment when users click on a link. The URLs are examined in real time when a user clicks on them. With reporting and message tracking you can investigate messages that have been blocked due to unknown viruses or malware, and with URL tracking you can track individual malicious links in messages that have been clicked.

Information Rights Management lets you enforce, through a company policy, how confidential proprietary information is distributed.

BitLocker Drive Encryption is an integral security feature in the Windows operating system that helps protect data stored on fixed and removable data drives and the operating system drive. BitLocker helps protect against “offline attacks,” which are attacks made by disabling or circumventing the installed operating system or made by physically removing the hard drive to attack the data separately. For fixed and removable data drives, BitLocker helps ensure that users can read the data on the drive and write data to the drive only when they have either the required password, smart card credentials, or are using the data drive on a BitLocker-protected computer that has the proper keys. BitLocker protection on operating system drives supports two-factor authentication by using a Trusted Platform Module (TPM) along with a personal identification number (PIN) or startup key, as well as single-factor authentication by storing a key on a USB flash drive or just using the TPM.

Windows Defender Antivirus keeps your PC safe with trusted antivirus protection built into Windows 10 and Server 2016. Windows Defender Antivirus delivers comprehensive, ongoing and real-time protection against software threats like viruses, malware and spyware across email, apps, the cloud and the web.

Windows Intune enables secure mobile productivity and defines a mobile management strategy that fits the needs of your organisation. Apply flexible mobile device and app management controls that let employees work with the devices and apps they choose while protecting your company information.

Microsoft developed Azure based on industry-leading security and privacy measures to protect your data in the Cloud, helping Microsoft Azure mitigate risks and comply with the GDPR.

A GDPR requirement is to identify which data you have and control who has access to it. Azure allows you to manage the identity of users and their data and control access to your data using Azure Active Directory, for example, ensuring that only authorized users have access to your computing infrastructure, data, and applications.

Multifactor authentication delivers strong authentication with a range of verification methods while providing a simple sign-in process. Azure Multi-Factor Authentication (MFA) is Microsoft’s two-step verification solution. Azure MFA helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It delivers strong authentication via a range of verification methods, including phone call, text message, or mobile app verification.

Two-step verification is a method of authentication that requires more than one verification method and adds a critical second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:

  • Something you know (typically a password)
  • Something you have (a trusted device that is not easily duplicated, like a phone)
  • Something you are (biometrics)

An Azure network security group can contain multiple inbound and outbound security rules that enable you to filter traffic to and from resources by source and destination IP address, port, and protocol.

Azure Information Protection (sometimes referred to as AIP) helps an organization to classify, label, and protect its documents and emails. This can be done automatically by administrators who define rules and conditions, manually by users, or a combination where users are given recommendations.

Azure Security Center provides unified security management and advanced threat protection across hybrid cloud workloads. With Security Center, you can apply security policies across your workloads, limit your exposure to threats, and detect and respond to attacks.

Azure Data Encryption supports various encryption models.

You can protect Windows and Linux virtual machines by using Azure disk encryption, which uses Windows BitLocker technology and Linux DM-Crypt to protect both operating system disks and data disks with full volume encryption.

Encryption keys and secrets are safeguarded in your Azure Key Vault subscription. By using the Azure Backup service, you can back up and restore encrypted virtual machines (VMs) that use Key Encryption Key (KEK) configuration.

Azure can encrypt data at rest and even in transit.

Azure Log Analytics provides security audit and logging options.

Azure Monitoring monitors your infrastructure in real time so that availability and reliability of your systems are improved and proactively managed.

With Azure Backup, data is backed up and encrypted on on-premises and Cloud servers, Azure File Shares and more …