GDPR (General Data Protection Regulation): Will it affect Australian businesses?

The GDPR (General Data Protection Regulation) is a European privacy law due to take effect in May 2018. Have you already assessed your level of readiness before it takes effect?

What is GDPR? The European Union (EU) has been at the forefront of regulatory developments in data privacy and protection over the past decades. The EU has adopted new legislation that will expand the existing privacy rights of EU residents while imposing a broad range of additional compliance obligations on businesses operating both in and outside the EU. The new legislation, known as the General Data Protection Regulation (GDPR), will become enforceable on May 25, 2018. It entails numerous requirements that all companies need to observe.

So, how does this affect Australian businesses? Recognizing that data can travel well beyond the borders of the EU, GDPR provides protection to EU citizens no matter where their data travels. This means that any company, anywhere, that has a database that includes EU citizens is bound by its rules. Businesses of all sizes are affected — from micro to multinational. No one is exempt. Australian companies can either block EU users altogether (an impossible choice) or have a process in place to ensure compliance.

Are Australia’s Notifiable Data Breach Scheme and the GDPR the same? The GDPR and the Notifiable Data Breach Scheme under Part IIIC of the Privacy Act 1988 (Privacy Act) share many common requirements, including to demonstrate compliance with privacy principles and obligations and to adopt transparent information handling practices, but they are not the same.

A Notifiable Data Breach (NDB) is when personal information held by an organization is lost or subjected to unauthorized access or disclosure. It will likely result in harm to an individual to whom the information relates. The Notifiable Data Breach scheme will reinforce the protections afforded to every individual’s personal information and will minimize the damage that can result from unauthorized use of personal information. Read Notifiable Data Breach Scheme: How is your business affected?

The GDPR contains a data breach notification requirement that is stricter than the incoming NDB regime under the Privacy Act, and enforcement powers which are significantly more severe. Under the GDPR, administrative fines of up to GBP 20 million or 4% of annual worldwide turnover (whichever is higher) can be imposed for certain types of contraventions.

How do Microsoft products and services help you with GDPR compliance?

Microsoft products and services are available to help you comply with the GDPR requirements. Microsoft cloud services and on-premises solutions can help you simplify your management and monitoring of personal data, build a more secure environment, and locate and collect personal data in your systems, and they give you the tools and resources you need to meet the GDPR reporting and assessment requirements.

About Microsoft Products and GDPR

Microsoft Azure

Microsoft designed Azure with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Azure can help you on your journey to reducing risks and achieving compliance with the GDPR. Identifying what data you have and controlling who has access to it is a critical requirement of the GDPR. Azure enables you to manage user identities and credentials and control access to your data in several ways. For more information, please visit Azure Security Services and Technologies.

Microsoft Dynamics 365

Microsoft designed Dynamics 365 with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Dynamics 365 can help you on your journey to reducing risks and achieving compliance with the GDPR. Controlling who has access to personal data is key to securing that data, and data security is a critical requirement of the GDPR. Dynamics 365 enables you to manage and control access to your data in several ways. For more information, please visit Dynamics 365 Trust Center.

Microsoft Enterprise Mobility + Security

Securing and managing personal data is critical to you, your customers, and to complying with the coming requirements of the GDPR. Microsoft designed Enterprise Mobility + Security with industry-leading security capabilities to safeguard customer data both in the cloud and on-premises, including the categories of personal data identified by the GDPR. This includes personal data no matter where it might travel across your users, devices, and apps. Enterprise Mobility + Security offers innovative technology and solutions today that can help you on your journey to reducing risks and achieving compliance with the GDPR. The GDPR obligations include discovering what personal data you hold and where it resides, controlling how your users access and use personal data, and establishing security controls to prevent, detect, and respond to vulnerabilities and data breaches. For more information, please visit Microsoft Enterprise Mobility + Security site.

Microsoft Office and Office 365

Microsoft designed Office and Office 365 with industry-leading security measures and privacy policies to safeguard your data in the cloud, including the categories of personal data identified by the GDPR. Office and Office 365 can help you on your journey to reducing risks and achieving compliance with the GDPR. One essential step to meeting the GDPR obligations is discovering and controlling what personal data you hold and where it resides. There are many Office 365 solutions that can help you identify or manage access to personal data. For more information, please visit Office 365 Trust Center.

Microsoft SQL Server/Azure SQL Database

Microsoft designed SQL Server and Azure SQL Database with industry-leading security measures and privacy policies to safeguard your data in the database, including the categories of personal data identified by the GDPR. Built-in SQL security capabilities can help you on your journey to reducing risks and achieving compliance with the GDPR. Controlling who has access to your database and managing how data is used and accessed is a critical requirement of the GDPR. SQL Server and Azure SQL Database provide controls for managing database access and authorization at several levels. For more information, please visit Security Center for SQL Server Database Engine and Azure SQL Database.

Windows 10 and Windows Server 2016

Microsoft designed Windows 10 and Windows Server 2016 with industry-leading security measures and privacy policies to help safeguard your data in the cloud, including the categories of personal data identified by the GDPR. The security capabilities available today in Windows 10 and Windows Server 2016 can help you on your journey to reducing risks and achieving compliance with the GDPR. A key requirement of the GDPR is protecting personal data. Microsoft believes effective security needs to be end-to-end, from the desktop to the servers where the data resides. Windows 10 and Windows Server 2016 include industry-leading encryption, anti-malware technologies, and identity and access solutions that enable you to move from passwords to more secure forms of authentication. For more information, please visit our overview of Windows 10 Security and Windows Server 2016 Security.

Complying with GDPR and Notifiable Data Breach requirements will be a competitive advantage. Compliance will boost consumer confidence. More importantly, the technical and process improvements necessary to meet these requirements should enable efficiencies in how organizations manage and secure data.

Get ready for the new GDPR and NDB scheme privacy requirements on how you collect, store, and use personal information. Learn how moving your data to the cloud with Microsoft Cloud supports compliance. Your business may not have the resources needed to meet requirements. Outside resources are available to provide advice and technical expertise to help you through the process and minimize internal disruption.

Motionwave Technologies is an expert service and support provider for Microsoft business products. We can help your organization comply with the requirements and become ready by working with you. For assistance, feel free to consult our group at Motionwave Technologies.
