GDPR
What is GDPR?
The GDPR gives people the ability to manage personal data collected by an organization. These rights are exercised through a data subject request (DSR). Organizations must provide timely information on DSRs and data breaches, and perform data protection impact assessments (DPIAs).
When implementing or evaluating GDPR requirements, consider the following points:
Develop or evaluate privacy principles for your data for GDPR compliance.
Assess your organization's data security.
Who is your data controller?
What data security procedures may be required?
GDPR’s recommended actions and compliance checklist may provide additional points for consideration.
The following tasks are relevant to achieving GDPR standards. Please follow the links in the listing for implementation details.
Data subject requests (DSR). A formal request from the data subject asking the controller to take an action (change, restriction, access) on his or her personal data.
Breach notification. Under the GDPR, a personal data breach is “a breach in the security of personal data that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or processed.”
Data protection impact assessment. The GDPR requires data controllers to prepare a data protection impact assessment (DPIA) for data operations that “may result in a high risk to the rights and freedoms of natural persons.”
As noted above, the GDPR Recommended Actions and Responsibility Checklist provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.