5 things you need to know about GDPR before it's too late
The EU General Data Protection Regulation (GDPR) was developed to create cohesive data privacy laws across Europe that serve to protect all EU citizens. It replaces Data Protection Directive 95/46/EC, and differs in a number of significant ways, such as:
- Larger jurisdiction—The GDPR will apply to all companies that process the personal data of anyone living in the European Union, regardless of the company's location.
- Fines—Organizations including controllers and processors…
GDPR Compliance: How Microsoft Meets Your Needs
- Consent—Requests for consent must be in a clear, easily accessible manner—and must be distinguishable from other matters. In addition, consent must be as easy to withdraw as it is to give it.
- Breach Notifications—The notification of a breach will be mandatory—and must be completed within 72 hours of an organization first having become aware of a breach
- Privacy—The GDPR requires that data protection
For a full list the most important changes between the GDPR and the Data Protection Directive 95/46/EC, visit GDPR Key Changes.
The GDPR applies to organizations within the European Union, as well as companies located outside of the EU. Basically, any organization that offers goods or services to, or monitors the behavior of, EU data subjects, are impacted by the GDPR. Regulations apply to both controllers and processors, which means that "clouds" are not exempt from GDPR enforcement.
How Services in the Cloud Storage Can Help
Because brands that provide services to millions of people around the world are obligated to uphold the laws of the countries where they do business, it behooves organizations that also do business in those countries to work together. And whether you're a multi-national corporation, or a small web-based business that reaches customers in the EU, by choosing cloud services provided by a global partner who is committed to adhering to the GDPR, you can work your way toward GDPR compliance without ever lifting a finger.
For instance, Microsoft Office 365 includes measures that comply with the GDPR's data protection policy guidelines, as well as its security threat protection mandate. And because Office 365 is cloud-based, it allows you to passively stay up-to-date and gives your organization more time to focus on the "bigger picture" implications of the GDPR
Because the GDPR hasn't been enacted yet, it's difficult to know which organizations, cloud or otherwise, will be compliant at its launch. However, in order to find the tools your organizations need to solidify its own compliance you'll need to seek out companies now that have pledged compliance.
Many organizations have publicly vowed to achieve compliance by the time that the GDPR is enacted. A quick online search and/or an email or phone call with representatives from the organizations that you do (or are considering doing) business with are good first steps. Beyond that, consider asking your resident technology expert to vet the practices of your partners to determine whether they're the right fit for your organization in the age of the GDPR. If you don't have a tech expert you can help, you may consider hiring a technology consulting firm to vet your partners for you. After all, the cost of non-compliance will be steep, so protecting yourself is imperative – not only to your bottom line and your customer base, but indeed, to the future of your company.
Learn how Office 365 prioritizes security and compliance in our free eBook, "Meet evolving eDiscovery challenges in a cloud-first world."
Get started with Office 365
It’s the Office you know, plus the tools to help you work better together, so you can get more done—anytime, anywhere.Buy now
Sign up for updates
It's the Office you know, plus tools to help you work better together, so you can get more done-anytime, anywhere.