Discover and identify your GDPR data, the processes behind it and where it is stored
Control the practices of handling and accessing this personal data
Implement stringent policies with EMS tools to prohibit, identify and respond to any data violations
Ethically comply with data requests, store records and disclose incidents
The first step in becoming GDPR compliant is to understand what kinds of PII you work with and where this information is stored, and to be able to report on it. With Office 365 and Enterprise Mobility + Security (EMS) you can easily identify and report on over 80 default identifiable types of PII, and even input your own types of sensitive information, which will then be found and made available for classification and for the application of policies and controls. Reporting functionality allows you to understand to what extent you are affected by GDPR.
After you understand what PII you're working with and where it exists, you need to come up with a governance plan for that data that helps define roles, policies and responsibilities. The advanced data governance tools within Office 365 and EMS allow you to make more informed decisions around your governance plan and implement data classification systems to manually and/or automatically label data and report on it.
So, you have your inventory, governance plan and data classification labels. How do you implement this? Office 365 with EMS includes multiple tools that allow you to automatically apply policies based on data classifications. For example, you can stop users from sharing PII accidentally or maliciously outside of your business, lock down who has access and from where, automatically alert on suspected data breaches and automate remedial action to stop data breaches.
With GDPR you have a responsibility to report a suspected breach to the information body within a reasonable time, or you could potentially face a harsher fine. With Office 365 and EMS and the above-mentioned tools to inventory, classify and enforce, you already have a strong set of reports, which are complemented by a full suite of auditing capabilities baked into Azure, Office 365 and EMS.
If you have any queries about GDPR with Office 365 solutions, please get in touch; we will be pleased to hear from you.