If you store or process customer data, chances are you are fully aware of your obligations under GDPR (General Data Protection Regulation). Whilst many see Cloud applications such as Office 365 as being a risk factor, the opposite is true. The use of Cloud services can ease compliance and reduce the burden and cost to your business. The use of Office 365 will not only deliver tangible business benefits in terms of operations, but it also features a suite of compliance tools that can ease regulatory compliance.
Office 365 and Financial Services
Many of our customers, particularly those in regulated sectors such as financial services and insurance, are concerned about compliance. These customers will often ask about the security and the regulatory implications of using a cloud service such as Office 365. Microsoft has a wealth of information outlining their approach to Office 365 compliance, trust and security. The UK FCA has also discussed the use of cloud extensively – which is also referenced in a paper by Microsoft.
We have assisted many companies to migrate to Office 365, all of whom benefit from Exchange Online, Office, Yammer, Teams and the use of SharePoint. The security, privacy and compliance toolsets also help businesses enhance security and compliance with GDPR.
Office 365 Compliance Tools
A key part of GDPR is understanding what personal data you hold and where it resides. Office 365 can assist with that process:
- Data Loss Prevention (DLP) is a built-in feature of Office 365, allowing you to configure actions that trigger when sensitive or personal information is detected, helping to block deliberate and accidental disclosure. DLP can recognise 80 common sensitive data-types covering financial services, healthcare and PII (personally identifiable information). DLP in Office 365 can be used alongside a wider range of DLP solutions.
- eDiscovery search allows you to search metadata and other textual information contained within e-mail and SharePoint, helping you to identify documents or content that may be subject to a compliance investigation or similar request.
- Customer Lockbox allows you to set explicit data access rules that allow you to remain in control in the event you require tech support or assistance from Microsoft. All actions are logged and audited.
- Advanced Data Governance uses machine learning and similar technologies to help your business discover, find, classify and configure policies on data, throughout the whole data life-cycle.
After discovery and classification, protection is fundamental to GDPR. Office 365 has several mechanisms that can safeguard and secure your data:
- Advanced Threat Protection scans for viruses, malware and other threats. Policies help prevent malicious attachments landing with your users and the scanning engine can detect high-risk links contained in e-mail.
- Advanced Security Management spots trends such as high-risk or abnormal usage. This visibility can alert you to potential breaches.
- Audit Logs provide comprehensive logging and reporting about what activity your users are undertaking, allowing you to detect and investigate security and compliance issues.
- Threat Intelligence provides deep insights, leveraging Microsoft’s extensive reach and business scale, allowing them to learn about new and emerging threats before they can impact your business.
To check your Office 365 compliance, the following are great resources:
- Microsoft Compliance Reports – https://servicetrust.microsoft.com/Documents/ComplianceReports
- Microsoft Trust Documents – https://servicetrust.microsoft.com/Documents/TrustDocuments
- Microsoft GDPR – https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
- Microsoft GDPR Statement of Compliance – https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/
Find out more about Office 365
If your business has GDPR obligations and you want to achieve or remain compliant, you should consider Office. Office is an excellent cloud solution for business but it can also solve many of the GDPR headaches IT departments are facing. If you would like advice or a partner to work with you on your GDPR initiatives, please get in touch at firstname.lastname@example.org or 01624 777837.