Skip to main content
close search
site logo
Dive Brief

Microsoft Azure prepares data subject request capabilities for GDPR

Published April 17, 2018
By
Associate Editor
Ben Franske [CC BY-SA 4.0 (https://creativecommons.org/licenses/by-sa/4.0)], from Wikimedia Commons

Dive Brief:

  • As part of its compliance roadmap, the Azure portal will soon include data subject request (DSR) processing so customers can access a copy of data subjects' personal information; modify or delete the data from the cloud platform; and export an electronic copy to the subject or a data controller. DSR requests will locate data profiles across the Azure Active Directory, and the Azure portal will allow enterprise customers to access data in system-generated logs for the first time. 
  • In the Office 365 space, Microsoft announced a centralized DSR resources page, documentation of breach notification practices the company will carry out and audit-ready privileged admin access controls. Multi-Geo Capabilities will allow individual tenants to work across datacenter geographies, and a Data Privacy tab in Office 365 has tools to carry out a DSR.
  • In another sign of its commitment to compliance, the company brought on Steve May as European Data Protection Officer in late March. May, a longtime Microsoft insider, is now working on companywide efforts for GDPR readiness and reports directly to Brendon Lynch, chief privacy officer of Microsoft.

Dive Insight:

Microsoft has remained in the shadows and relatively unscathed by the techlash relating to data privacy practices of internet giants like Facebook and Google. But as one of the powerhouses of Silicon Valley, the company still has a lot of regulators to answer to, and the EU is emerging as a leading global enforcement body in the digital space.

Many data processors and controllers have made commitments to be GDPR ready by May 25, but without definite processes in place it can be hard for partners and customers to assess compliance. Both cloud providers and cloud tenants need to be GDPR compliant, and Microsoft is making sure it's covered.

The company is solidifying its data protection plans, rolling many out to consumers before the deadline hits. And as the second largest cloud platform, Microsoft has a large customer base depending on its GDPR tools. This latest rollout seems to indicate that Microsoft is in the final stretch of its compliance journey. Other companies, however, are not so lucky. 

More than 30% of businesses are not expected to be fully compliant by the deadline. While realization of the existential and reputational threats of the EU's regulation are setting in, a lack of understanding of where data is stored and where data centers are located still persists in many organizations. 

For some CIOs, regulatory compliance and GDPR is another responsibility being put on their busy plates. But more businesses are onboarding compliance officers and data protection officers to handle the compliance journey, spreading out the load. 

Compliance and data protection roles touch all departments, from IT to legal to HR, and fitting these leaders into existing hierarchies can be difficult for some companies. But with GDPR about five weeks away, making the commitment and carving out a position of authority to oversee the companywide compliance efforts could make all the difference.

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
NeuBird Named a Cool Vendor in the 2024 Gartner® Cool Vendors™ in IT Operations Leveraging Gen…
From NeuBird
November 11, 2024
Editors' picks
Latest in IT Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell