GDPR
What is GDPR?
GDPR gives individuals rights over the personal data an organization collects about them. Individuals exercise these rights through a Data Subject Request (DSR). Organizations must provide real-time information on DSRs and data breaches, and must perform Data Protection Impact Assessments (DPIAs).
When implementing or evaluating GDPR requirements, consider the following:
- Develop or evaluate your privacy principles for GDPR compliance.
- Assess your organization's data security.
- Identify who your data controller is.
- Determine which data security procedures might be necessary.
The GDPR Recommended Action Plan and Responsible Preparation Checklist may suggest additional areas for consideration.
The following tasks are relevant to meeting GDPR standards. Follow the links in the list for detailed information on implementing each one.
- Data Subject Request (DSR). A formal request made by a data subject to a controller to take action (change, restriction, access) regarding their personal data.
- Breach notification. Under the GDPR, a personal data breach is "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or processed."
- Data Protection Impact Assessment. The GDPR requires data controllers to prepare a Data Protection Impact Assessment (DPIA) for data operations that "may result in a high risk to the rights and freedoms of natural persons."
As described above, the GDPR Recommended Action Plan and Responsible Preparation Checklist provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.