UPDATED 00:11 EST / MAY 26 2017

CLOUD

Joining party, Microsoft says its cloud services now comply with EU data regulations

Microsoft Corp. said it now has the means for its cloud customers to stay in compliance of the European Union’s General Data Protection Regulation, known as GDPR, which is set to come into force next year.

When it’s ushered in a year, GDPR will enforce greater privacy controls over how EU residents’ data can be used. The law applies to all residents of the EU, and also covers their data if it’s used outside the EU for any purpose. Companies that violate GDPR could be subject to fines amounting to 4 percent of their annual turnover, or €20 million, whichever is greater.

Passed in April 16, GDPR consists of a regulation and a directive. The regulation covers the protection of personal data, while the directive is focused on how companies process personal data. The directive comes into legal effect on May 25, 2018, which means companies have less than a year to make sure they comply with it.

Now, Microsoft said Wednesday, its Azure cloud service customers don’t need to worry, as it will achieve full compliance well before that date. Services including Azure and its data services, Dynamics 365, Enterprise Mobility + Security, Office 365 and Windows 10 will all be compliant, the company said.

Microsoft also said it’s offering additional services to help other organizations comply with GDPR. It’s offering a service called Azure Information Protection that enables companies to track and revoke documents. Companies can also label data using Microsoft’s Office 365 Advanced Data Governance service.

The software giant advised in its blog post that companies operating in the EU begin preparing for GDPR compliance today, and has offered the following checklist of the steps they need to take:

  • Discover the data that’s subject to the GDPR
  • Manage how personal data is used and accessed
  • Protect the data by establishing controls
  • Report on data use, including plans for managing data requests and providing public notifications about breaches

Naturally, Microsoft said its Enterprise Mobility + Security products are the best tools to carry out these steps.

In addition, the company will soon release a “Risk and Compliance” dashboard (below) for customers that indicates whether or not they’ve achieved GDPR compliance. It will arrive “later this year” and display the current state of customers’ and Microsoft’s GDPR compliance controls across multiple services.

170525riskdashboard_lg

Finally, Microsoft has added a GDPR compliance section to the Microsoft Trust Center, complete with several white papers on the topic and videos from Brad Smith, president and chief legal officer at Microsoft, and Julia White, corporate vice president at Microsoft.

In the video, Smith said there’s a good chance that GDPR may become an international standard at some point in future. “We believe the GDPR is an important step forward for clarifying and enabling individual privacy rights,” Smith said in the video. “And while it’s a regulation for Europe, in fact, it’s rapidly emerging as a new standard for the world.”

Cloud companies race to offer compliance

Besides Microsoft, other companies have been making their own efforts to ensure customers comply with the new regulations. On Thursday, data protection and information management services provider Commvault Systems Inc. announced that it too can help companies to achieve compliance. It said its Commvault Data Platform can index structured data and also locate personally identifiable information within unstructured data stored in archives, backups, endpoint protection services and cloud environments.

Google Inc. reiterated that it’s committed to helping companies comply with GDPR earlier this month. It said that both Google Cloud Platform and its G Suite productivity and collaboration applications have been certified under Privacy Shield, a standard that ensures adherence to GDPR. Amazon Web Services made a similar commitment in April.

Finally, IBM Corp. said Thursday that its Resilient Incident Response Platform for mitigating cyberattacks has been endowed with new GDPR compliance capabilities, including a new incident simulator, a privacy module and a preparatory guide. IBM Vice President of Product Management Ted Julian said companies should carry out a simulation at least four times a year to identify gaps and familiarize themselves with the new regulations.

Image: Harakir/Pixabay

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU