GDPR

GDPR

What is GDPR?

GDPR provides people with the ability to manage personal data collected within their organization.  Use these permissions through a data subject request (DSR).  Organizations must provide timely information on DSRs and data breaches, and perform data protection impact assessments (DPIA).

When implementing or evaluating GDPR requirements, there are several points to consider:

  • Develop or evaluate privacy principles for your data for GDPR compliance.
  • Assess your organization's data security.
  • Who is your data controller?
  • Who is your data controller

GDPR Recommended Actions and Responsible Preparation Checklist may prompt additional points for thought.

The following tasks are related to meeting GDPR standards.  Please follow the links in the listing for implementation details.

  • Data Subject Request (DSR) .  A formal request by the data subject to the controller for action (change, restriction, access) to his or her personal data.
  • Breach notification .   Under the GDPR, a personal data breach is "a breach in the security of personal data that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or processed."
  • Data Protection Impact Assessment .  The GDPR requires data controllers to prepare a data protection impact assessment (DPIA) for data operations that “may result in a high risk to the rights and freedoms of natural persons.”

As noted above, the GDPR Recommended Actions and Responsibility Checklist provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.