skip to main content

Preparing for GDPR with Office 365

by Becky Driscoll : Improve

Preparing for GDPR with Office 365

As of May 2018, all organisations, whether they are within or outside the EU, will need to manage and protect their customer's data in line with the EU General Data Protection Regulation (GDPR). Any organisation transacting EU personal data, will need to implement a culture of privacy by design across their organisation. This means:

- Identifying and managing personal data across all departments

- Labelling and protecting personal data

- Putting a retention schedule in place to delete data after a certain deadline.

Office 365 incorporates privacy by design, and Microsoft has robust policies, controls, and systems built into Office 365 to help keep personal data private. Through utilising the tools in Office 365 you can architect a security, privacy and governance solution to bring your organisation into alignment with GDPR requirements.

The Toolbox of Office 365

Discover personal data:

- At Deltascheme, we teach your organisation to use Content Search and Advanced eDiscovery to identify your businesses personal data.

- We use Office 365 Advanced Data Governance (ADG), to identify, classify, and manage personal data, and implement retention policies to manage your data in line with GDPR requirements.

- We use Office 365 Data Loss Prevention (DLP) policies to classify personal data in Exchange Online, SharePoint Online, OneDrive for Business, Outlook, and Office 365 Groups, so that it is easy to identify in line with data subject requests.

Manage personal data:

The GDPR gives data subjects the right to control how their personal data is used. Office 365 makes personal data easier to quickly manage and classify in accordance with data subject wishes through the use of:

- Advanced Data Governance.

- Information Rights Management. This prevents unauthorised people within your organisation from accessing personal data in Office 365.

- SharePoint Online. Tracks and manages data subject rights requests.

Protecting personal data:

The GDPR requires organisations to put protective measures in place, to demonstrate that businesses have taken every possible action to protect their customer’s data. We can help you implement Microsoft **Office 365** and related tools across your organisation, to enable you to protect personal data in the following ways:

- Adjust privacy settings in Word, Excel, and PowerPoint to limit Office applications connection to the internet

- Limit access to shared files or folders in OneDrive for Business and manage who can view or edit the files.

- Use the option to encrypt Word, Excel, and PowerPoint documents with password protection.

- Use Azure Information Protection for encryption and rights management.

Reporting:

The GDPR sets new standards in transparency, accountability, and record-keeping. Organisations processing personal data will need to keep detailed records to be compliant. Microsoft Office 365 provides the tools to help meet data reporting requirements and Deltascheme has the expertise to help you implement them successfully.

- Use the Unified Audit log to track and record processing activities across the Office 365 environment

- Use Exchange Message tracking to determine the recipient of an email and if it was received, rejected, deferred, or delivered.

- Use the Office 365 Management Activity API to identify user sharing activities in Exchange Online and SharePoint Online.