GDPR

What is GDPR?

GDPR provides people with the authority to manage personal data collected in an organization. Use these permissions through a data subject request (DSR). The organization must provide real-time information about DSR and data leakage, as well as the implementation of a data protection impact assessment (DPIA).

When implementing or evaluating GDPR requirements, several points should be considered:

  • Develop or evaluate privacy principles for your GDPR compliance data.
  • Assess the data security of your organization.
  • Who is your data controller?
  • What are the possible data security processing procedures that must be implemented?
  • The GDPR's suggested action plan and responsibilities checklist may prompt other considerations.

The following tasks are related to achieving GDPR standards. Please follow the links in the list to get detailed information about the implementation.

Data Subject Request (DSR). The data subject makes a formal request to the controller to take action (change, restriction, access) of his personal data.

Leakage notice. Under the GDPR, personal data leakage is "a security breach that leads to accidental or illegal damage, loss, alteration, unauthorized disclosure or access to the transmitted, stored, or processed personal data."

Data protection impact assessment. The GDPR requires data controllers to prepare a Data Protection Impact Assessment (DPIA) for data operations that "may lead to high risks to the rights and freedom of natural persons".

As mentioned above, the GDPR’s recommended action plan and responsibility checklist provide guidelines for implementing or evaluating GDPR compliance when using Microsoft products and services.