GDPR

What is GDPR?

GDPR provides individuals with control over the personal data collected by organizations. These rights are exercised through Data Subject Requests (DSRs). Organizations must provide timely information on DSRs and data breaches, as well as conduct Data Protection Impact Assessments (DPIAs).

Here are some key considerations when implementing or assessing GDPR requirements:

  • Develop or assess your organization's privacy principles for handling data subject to GDPR.
  • Evaluate your organization's data security.
  • Who is your data controller?
  • What data security processes might need to be implemented?

The GDPR Action Plan and Responsibility Readiness Checklist can prompt further considerations.

The following tasks are relevant to achieving GDPR compliance. Follow the links in the list for details on implementation.

  • Data Subject Requests (DSRs). A formal request by a data subject to a controller to take action (change, restrict, access) on their personal data.
  • Breach Notification. Under GDPR, a personal data breach is "a security breach leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, transmitted, stored or otherwise processed personal data."
  • Data Protection Impact Assessments. The GDPR requires data controllers to prepare a Data Protection Impact Assessment (DPIA) for data processing operations that are "likely to result in a high risk to the rights and freedoms of natural persons."

As stated, the GDPR Action Plan and Responsibility Readiness Checklist provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.