GDPR
What is the GDPR?
The GDPR gives individuals control over their personal data collected by organizations. These rights are exercised through Data Subject Requests (DSRs). Organizations must provide timely information regarding DSRs and data breaches, as well as conduct Data Protection Impact Assessments (DPIAs).
When implementing or assessing GDPR requirements, consider the following:
- Develop or evaluate your privacy policy for GDPR compliance.
- Assess your organization's data security.
- Who is your data controller?
- What data security procedures might need to be implemented?
The suggested action plan for the GDPR and the accountability readiness checklist may prompt additional considerations.
The following tasks are related to achieving GDPR standards. Follow the links in the list for implementation details.
- Data Subject Requests (DSRs). A DSR is a formal request made by a data subject to a controller to take an action (change, restrict, access) regarding their personal data.
- Breach Notification. Under the GDPR, a personal data breach is “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.”
- Data Protection Impact Assessments. The GDPR mandates that data controllers prepare a Data Protection Impact Assessment (DPIA) for data operations that are “likely to result in a high risk to the rights and freedoms of natural persons.”
As mentioned above, the suggested action plan and accountability readiness checklist for the GDPR provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.