Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Businesses and users are going to embrace technology only if they can trust it. Satya Nadella Chief Executive Officer Microsoft Corporation COMMITMENT TO TRANSPARENCY & PRIVACY We take a principled approach with strong commitments to privacy, security, compliance and transparency. Moving to the cloud makes it easier for you to become compliant with privacy regulations by managing and protecting personal data in a centralized location. Microsoft is the industry leader in privacy and security with extensive expertise complying with complex regulations.
HOLISTIC APPROACH TO SECURITY LEADERSHIP IN COMPLIANCE COMMITMENT TO TRANSPARENCY & PRIVACY
LEADERSHIP IN COMPLIANCE
Over 1000 controls in the Office 365 compliance framework enable us to stay up to date with the ever-evolving industry standards across geographies.
Trust Microsoft's verified services. Microsoft is regularly audited, submits self-assessments to independent 3rd party auditors, and holds key certifications.
Spain: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2; Spain ENS; LOPD
United Kingdom: CSA CCM; ENISA IAF; EU Model Clauses; ISO/IEC 27001, 27018; NIST 800-171; SOC 1, 2, 3; UK G-Cloud
Singapore: CSA CCM; ISO/IEC 27001, 27018; MTCS; SOC 1, 2
Japan: CSA CCM; CS Mark (Gold); FISC; ISO/IEC 27001, 27018; Japan My Number Act; SOC 1, 2
China: China GB 18030; China MLPS; China TRUCS
United States: CJIS; CSA CCM; DISA; FDA CFR Title 21 Part 11; FEDRAMP; FERPA; FIPS 140-2; FISMA; HIPAA/HITECH; HITRUST; IRS 1075; ISO/IEC 27001, 27018; MARS-E; NIST 800-171; Section 508 VPATs; SOC 1, 2
Argentina: Argentina PDPA; CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2
European Union: CSA CCM; ENISA IAF; EU Model Clauses; EU-U.S. Privacy Shield; ISO/IEC 27001, 27018; SOC 1, 2
Australia: CSA CCM; IRAP (CCSL); ISO/IEC 27001, 27018; SOC 1, 2
New Zealand: CSA CCM; ISO/IEC 27001, 27018; NZCC Framework; SOC 1, 2
COMMITMENT TO TRANSPARENCY & PRIVACY We will stand behind you with contractual commitments for our cloud services that: meet stringent security requirements; support customers in managing data subject requests; provide documentation that enables customers to demonstrate compliance for all the other requirements of the GDPR applicable to processors; and more. Microsoft was the first major cloud services provider to make these commitments to its customers. Our goal is to simplify compliance for our customers with both the GDPR and other major regulations.
Platform Intelligence Partners
Identify relevant documents: Predictive coding enables you to train the system to automatically distinguish between likely relevant and non-relevant documents. Identify data relationships: Use clustering technology to look at documents in context and identify relationships between them. Organize and reduce the data prior to review: Use near duplicate detection to organize the data and reconstruct email threads from unstructured data to reduce what's sent to review.
Messaging Rules
Conditional Access
Lockbox
Customer Lockbox: Now we want to extend Lockbox approval to you for human access to customer content.
Threat detection Identify high-risk and abnormal usage, security incidents, and threats. Enhanced control Shape your Office 365 environment with granular security controls and policies. Discovery and insights Gain enhanced visibility and context into your Office 365 usage and shadow IT.
Advanced Threat Protection
Threat Intelligence Broad visibility into attack trends Billions of data points from Office, Windows, and Azure Integrated data from external cyber threat hunters Proactive security policy management Intuitive dashboards with drill-down capabilities
Industry Partners Antivirus Network INTELLIGENT SECURITY GRAPH CERTs Cyber Defense Operations Center Malware Protection Center Cyber Hunting Teams Security Response Center Digital Crimes Unit PaaS IaaS SaaS Identity Apps and Data Infrastructure Device
Supporting your EU GDPR compliance journey with Microsoft Enterprise Mobility + Security: Grant and restrict access to data. Protect data on premises and in the cloud. Detect data breaches before they cause damage. MICROSOFT INTUNE: Make sure your devices are compliant and secure, while protecting data at the application level. MICROSOFT CLOUD APP SECURITY: Gain deep visibility, strong controls and enhanced threat protection for data stored in cloud apps. CONDITIONAL ACCESS: Location, Apps, Risk, Device; access granted to data. Audit, Classify, Label, Protect. AZURE INFORMATION PROTECTION: Classify, label, protect and audit data for persistent security throughout the complete data lifecycle. AZURE ACTIVE DIRECTORY: Ensure only authorized users are granted access to personal data using risk-based conditional access. MICROSOFT ADVANCED THREAT ANALYTICS: Detect breaches before they cause damage by identifying abnormal behavior, known malicious attacks and security issues.
How to protect data on mobile devices and apps Supporting your GDPR compliance journey with Microsoft Intune Mobile Device Management (MDM) Protect data at the device level and ensure devices are compliant, on both company-owned and users' personal devices Mobile Application Management (MAM) Manage apps on enrolled devices, and keep data secure at the app level on enrolled and unenrolled devices PC Management Keep PC endpoints secure from threats and ensure that data stays protected by enforcing firewall and malware protection policies End User Transparency Terms and conditions, as well as notifications, ensure that your end users are fully aware of what data is collected and visible to IT on managed devices Manage access and control what happens to data after it's been accessed Remotely wipe all data on lost or stolen devices Copy Paste Save Enforce Windows Defender, Windows Information Protection, and overall device compliance to protect user and company data App encryption at rest Save as/copy/paste restrictions Remotely enable passcode reset, device lock, or data encryption Deploy certificates, Wi-Fi, VPN, and email profiles App access control: PIN or credentials App SDK and App Wrapping Tool Not Compliant Guide to Compliance Multi-identity Support App-level selective wipe Company Data Personal Data Incorporate Intune MAM capabilities in your mobile and line-of-business apps using the Intune App SDK and App Wrapping Tool Company Data Compliant
Multi-factor authentication Data encryption User accounts Device log-ins Malware Unauthorized data access Attacks User log-ins Phishing Denial of service Enterprise security System updates
Our unique intelligence 450B 1B 400B
Microsoft does not provide legal advice. Microsoft & Partners Partners Security Data Platform Cloud Modern Workplace Privacy Controls Notifications Policies Training GDPR Workshop Risk & Data Management Foundation GDPR Program Education, Awareness, Discovery: Microsoft Roadmap Modernize your IT Environment Discover, Manage, Protect, Report (projects based on gap analysis outcomes, and roadmap alignment)
Copyright Microsoft Corporation. All rights reserved.