
Microsoft's GDPR Self-Assessment


Microsoft has an online GDPR self-assessment that you can take here. It consists of three stages addressing:

1. The protection of personal data.

2. Compliance risk

3. Streamlining compliance processes

The points that Microsoft emphasizes for the protection of personal data include:

a. Built-in protection for data collection and processing

b. Encryption of personal data.

c. Automation of the classification of end user sensitive data

d. Controls over personal data such as multi-factor authentication and contextual access management (granting access based on a user's location, device, the type of data requested, the time of the request, and the position of the user).

e. Types of data to which control policies can be applied

f. Whether or not data subjects would be notified in the event of a breach and if the authorities would be informed within 72 hours.

g. How much data is stored in the cloud

The points that Microsoft emphasizes for compliance risk include:

a. Whether or not consent is obtained before personal data is used.

b. Notification of third party sharing details; the data retention period; and the purpose and legal basis of processing.

c. Response time for requests to stop using personal data.

d. Response time for requests to correct personal data.

e. Ability to conduct a Data Protection Impact Assessment

f. Tracking of data in and out of the European Union

g. Tracking of data to third party service providers

h. Ability to respond to a GDPR audit request

Factors for streamlining compliance processes include:

a. Testing security measures

b. Documenting, communicating and keeping track of the violation of data governance policies.

c. Automation of obtaining consent for the use of personal data.

d. Automation of corrections to personal data.

e. Development of processes to respond to GDPR audits and Data Protection Impact Assessments.

