Prepare for GDPR with Azure Information Protection

Dan Ortiz

All organizations should be preparing for General Data Protection Regulation from the European Union (EU) to take effect May 25, 2018. This regulation was adopted by the EU on April 27, 2016, with the aim to protect the privacy and data collections for all individuals within the EU no matter where that data is stored. If your company collects data on individuals within the EU, then you will be affected when this new rule goes into effect. How do you adopt additional information protection measures to ensure that you do not violate this regulation?

Microsoft has proactively worked on becoming GDPR compliant by the date of enforcement and made this announcement in February 2017. The ultimate responsibility remains with each company collecting, processing, and storing information on EU citizens and residents. There are a set of online services that Microsoft offers that will help your company address this strict regulation. Azure Information Protection will protect your data in the cloud or on-premises. There are two plans, Azure Information Protection Plan 1 and Plan 2. The crux of the offerings assists in the classification, labeling, and protection of data collected and stored.

I am sure that your company sends information through email as well as attachments. How do you ensure that the person, or entity where you send the data will use the information in the way that it is intended? These plans will allow your company to mandate policies around copying data, even taking into consideration someone trying to capture a screen and send it. It will prevent printing or forwarding of information. It will let you encrypt the information with your own keys. Documents will hold a watermark in the header, footer, or in the body background. This lets the user using the information know that it is protected.

There are choices on how you implement the service. The most time-efficient would be to adopt the higher-level Plan 2 because it will automate the process for you and provide recommendations. Plan 1 is a more manual implementation. Plan 2 also provides a big differentiator to assist with the automation through the Azure Information Protection Scanner. Set policies in place, and scan your data for automated classification, labeling, and protection. There is tracking and reporting for how your data is used, and you can revoke access as well.

It’s an unfortunate fact that data breaches are going to happen to nearly every organization. Even if you don’t have users in the EU, upgrading your data protection standards can only help. Protect your data and save your company from bad press, fines, and other losses.

Connection is ready to have conversations with your company around any of your Microsoft needs. We have Cloud Specialists, software consultants, licensing specialists, concierge services, asset management specialists, and the best solutions sales consultants in the industry. We would be delighted to have the opportunity to speak with your company and assist with your transformation in this fast-moving environment.

Dan is a Business Development Manager for Microsoft at Connection with over 10 years of experience in software licensing. In his spare time Dan is an avid hiker.