On the 25th of May 2018, General Data Protection Regulation (GDPR) will come into effect. Microsoft is committed to ensuring Dynamics 365 is fully compliant, which includes ensuring Microsoft servers are located within the EU.
At the most recent Microsoft Inspire event, held in Washington DC, GDPR and compliance were shown to be a focal point for Microsoft who is working hard towards educating clients on how to become GDPR ready, as well as ensuring they are compliant themselves.
Microsoft has rolled out new contractual commitments to the General Data Protection Regulation, which is hoped to gain customer trust, Microsoft has reiterated its focus on security, privacy, compliance and transparency. The new contractual commitments guarantee you will be able to:
• Respond to requests to correct, amend or delete personal data.
• Detect and report personal data breaches.
• Demonstrate your compliance with the GDPR.
Microsoft is the first global cloud services provider to offer these commitments publicly.
How is Microsoft Dynamics 365 GDPR ready?
Microsoft has designed Dynamics 365 with industry leading security measures and privacy policies to ensure your data is safe and secure in the cloud, which includes the categories of personal data identified by the GDPR.
Regulating who has access to personal data is fundamental to securing your data as data security is a critical requirement of the GDPR. Dynamics 365 allows you to control and manage access to your data in several ways:
Role-based security in Dynamics 365 enables you to group a set of privileges that limit the tasks that can be performed by individual users. This is an important function, especially when people change roles within an organisation.
Record-based security in Dynamics 365 allows you to restrict access to specific records.
Field-level security in Dynamics 365 enables you to moderate access to specific high-impact fields, such as personally identifiable information.
Protecting personal data is also an essential requirement of the GDPR, Dynamics 365 is designed to enhance and optimise the security of your data:
Security Development Life-cycle is a necessary Microsoft process which embeds security requirements into each phase of the development process. Dynamics 365 itself has been built using the Security Development Lifecycle.
Encryption in transit between your devices and our data centres, as well encryption when saved within Microsoft databases, this helps protect your Dynamics 365 data.
How does Microsoft manage privacy?
Privacy is a core priority for Microsoft, they are keen to ensure customers know you are the owner of your data, Microsoft will never mine your data for advertising purposes, and if you ever cancel the service, you can take your data with you. Microsoft sees themselves as the custodian of your data when using Dynamics 365; this means they will only use your data for purposes that are consistent with the service you subscribe to, they also prevent mingling of your data with that of other companies.
Microsoft has gone above and beyond to show how they are GDPR ready; they have in place commitments on security, privacy, security and transparency which puts users minds at ease. Making sure your company is GDPR ready can sometimes be a daunting task. However, Microsoft has introduced some key features within Dynamics 365 to help manage this task.
For full details visit Microsoft trust centre here: https://www.microsoft.com/en-us/trustcenter/default.aspx
Microsoft can only go so far to help your company in becoming GDPR compliant. If you need further advice, SeeLogic offers a range of consultancy services which can help ensure compliance and reduce the risk of fines.
Contact us to find out more.