What is GDPR?
GDPR – the General Data Protection Regulation is a regulatory framework adopted by the EU to strengthen data protection and give control back to EU residents over their personal data. Adopted in April 2016, the regulations become enforceable on May 25, 2018.
How Does GDPR effect my organization?
If you are not an EU based business, you may not think that GDPR has any effect on you, but you would be wrong. Instead, the scope of the law is extended to foreign companies that process data of EU residents. So even if you are based in the US, you may have the personal data of EU residents in your databases. According to the European Commission “personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
Dynamics 365 and GDPR
Now if you use Dynamics 365 it is very likely that you may have collected personal data from your clients, web forms, Voice of the Customer surveys or LinkedIn. All of this collected data must be handled very carefully to ensure that no data breaches occur and that it is handled in a prescribed manner. Dynamics 365 and Office 365 have very robust security models that are designed around protecting data, but no system is perfect and every organization should perform a security assessment.
Microsoft and the Compliance Manager
Microsoft has a vested interest in ensuring that its clients are compliant with GDPR and has been at the forefront of providing resources so those clients have a clear path to compliance. Over the past two years the Microsoft Cloud, including Dynamics 365, Office 365 and Azure have developed the technology and contractual commitments to aid in this compliance. The Microsoft Trust Center (
The Compliance Manager tool includes the following capabilities:
- Intelligent scoring that reflects your organization’s compliance posture against data protection regulations and standards.
- Recommended actions for business policies and cloud-based features and services that improve your organization’s data protection capabilities and regulatory compliance posture.
- Activity and evidence tracking that helps you centralize your organization’s compliance-related activities and provides a secure evidence repository that is accessible only by authorized individuals in your organization.
- Detailed reports of assessment activities that combine Microsoft’s and your organization’s assessment information into a single Excel file that can be provided to internal and external auditors and regulators.
The dashboard shows progress for actions that need to be completed by Microsoft as well as actions that need to be completed by the organization.
To read more and view illustrations, visit our