I noticed this article while browsing TechRepublic and I'm impressed at Microsoft's response to what is perhaps a lacklustre approach to GDPR in Europe and around the world. It seems hard for organisations to navigate the new regulations - not only to understand the level of readiness required for compliance but also to comprehend the sheer scope and scale of the upcoming law.
Offering tools to essentially run a 'pre-audit' on Microsoft systems for GDPR won't be the end-all for an organisation's compliance. It won't even represent a single tick in your checklist of 'things to do for GDPR'. But it will give guidance to lost wayfarers navigating a vast sea of ambiguous guidance and information around the regulations, by offering advice for improving security and processes internally.
Note this only covers Windows services. It is primarily aimed at the cloud - so all you hardy users of Linux, Mac and other UNIX-based systems are not likely to benefit.
You're not on your own, however, and there are ways to move forward without the help of Microsoft - and this is probably the more comprehensive way to approach it. Have a look at the (not-very-exhaustive) list below as a guide for how to get started on GDPR.
- Audit to find personal data. Determine where and how they are stored, and how they are accessed.
- Receive recommendations based on the report to improve internal processes, security, hire a data protection officer (DPO) if necessary, suggest where PRIAs (privacy risk impact assessments) can be made on the most sensitive/critical areas of the business.
- Secure data and the means by which they are processed, encrypt/obfuscate/pseudonymise personal data, put data loss prevention measures in place, and perform gap (penetration and vulnerability) scanning and testing.
- Ensure reporting procedures are in place for breaches.
- Begin reporting on all the above in-line with compliance procedures (you may want a DPO for this).
This does not represent everything that needs to be done. For a more in-depth look at the GDPR, watch this space, and in the meantime head here for our overview.
Keeping up to date on data protection and management regulations can be difficult even for the largest and most sophisticated organizations, but there are some steps enterprises can take to mitigate the risks. Microsoft, for example, offers a helpful set of tools that will assess your enterprise's readiness to comply with the provisions of the General Data Protection Regulation (GDPR) as promulgated by the European Union. The law goes into effect soon and the general consensus is that many enterprises are simply not ready for it.