Microsoft on the GDPR
Microsoft has posted a set of webinars which explain how Microsoft 365's built-in tools can help businesses comply with the requirements of the General Data Protection Regulation, which becomes enforceable on May 25, 2018. The first of these webinars discusses securing personal data. The Tip of the Night for March 14, 2018 explained how the Office 365 compliance manager can help track compliance with the GDPR. 365 can do far more than just this, and helps users identify when specific files have data covered by the GDPR.
365 can assist with information protection through data loss prevention policies that restrict the flow of information and sync with Exchange, OneDrive, SharePoint, and MS Office desktop programs. Azure Information Protection can be used to locate unprotected data, apply encryption to it, or expire it. Azure Advanced Threat Analytics can protect user credentials in the on-premises Active Directory.
These screen grabs from the webinar demonstrate how OneDrive automatically identifies files that contain protected data. 365 can detect when a Word document contains personal information protected by the GDPR, as shown in this example:
Other types of sensitive information, such as credit card numbers, can also be detected and flagged in OneDrive, as shown in this example for an Excel file.
When a user attempts to email an attachment to someone outside his or her organization who should not have access to the data, the user will receive a warning:
365 can be configured to prevent such a file from being forwarded altogether.
Specific policies can be set up in Data Loss Prevention for different types of PII.
When account numbers and other such information are entered in a Word document, a user will automatically receive a warning about the PII.
When the Word document is saved, a watermark is automatically added . . .
. . . and a footer with a confidentiality caption is inserted.
In addition, the file is automatically encrypted.
The watermark and encryption stay with the document no matter where it is stored.
Azure's Information Protection Scanner reviews on-premises repositories for certain information types and automatically marks files as confidential. It will generate a log that can be filtered to list the confidential files.
Azure Information Protection extends to SaaS applications.