Achieving organizational compliance can be very challenging, so understanding your compliance risk should be your top priority. Customers have told us about their challenges with the lack of in-house capabilities to define and implement controls and inefficiencies in audit preparation activities.
With Microsoft’s Compliance Manager and Compliance Score, brought to you by a strong partnership with First Technology, you are able to continuously monitor your compliance status. Compliance Manager captures and provides details for each Microsoft control, which has been implemented to meet specific requirements, including implementation and test plan details, and management responses if necessary. It also provides recommended actions your organization can take to enhance data protection capabilities and help you meet your compliance obligations.
Personal Data Protection
The Protection of Personal Information Act (POPIA) and General Data Protection Regulation (GDPR) are all about protecting the personal data of individuals—making sure there is proper security, governance, and management of such data to help prevent it from being misused or getting into the wrong hands. To help ensure that your organization is effectively protecting personal data as well as sensitive content relevant to organizational compliance needs, you need to implement solutions and processes that enable your organization to discover, classify, protect, and monitor data that is most important.
The information protection capabilities within Microsoft 365, such as Office 365 Data Governance and Azure Information Protection, provide an integrated classification, labeling, and protection experience—enabling more persistent protection of your data—no matter where it lives or travels. A proactive data governance strategy of classification of personal and sensitive data enables you to respond with precision when you need to find the relevant data to satisfy a regulatory request or requirement like a Data Subject Request (DSR) as a part of POPIA and GDPR.
Respond with confidence
Ensuring processes are in place to efficiently manage and meet certain POPIA and GDPR requirements, such as responding to DSRs or responding to data breaches, is a tough hurdle for many organizations.
To help you navigate the POPIA and GDPR resources provided across cloud services, we introduced the Privacy tab in the Service Trust Portal. It provides you with the information you need to prepare for your own Data Protection Impact Assessments (DPIAs) on Microsoft Cloud services, the guidance for responding to DSRs, and the information about how Microsoft detects and responds to personal data breaches and how to receive notifications directly from Microsoft.
Features to support DSRs
Several features help support DSRs across Microsoft Cloud services, including a Data Privacy tab in Office 365, an Azure DSR portal, and DSR search capabilities in Dynamics 365.
The Data Privacy tab, GDPR dashboard and DSR experience in Office 365 are generally available for all commercial customers. This experience is designed to provide you with the tools to efficiently and effectively execute a DSR for Office 365 content—such as Exchange, SharePoint, OneDrive, Groups and Microsoft Teams.
The Azure DSR portal is also generally available. Using the Azure DSR portal, tenant admins can identify information associated with a user and then correct, amend, delete or export the user’s data. Admins can also identify information associated with a data subject and will be able to execute DSRs against system-generated logs (data Microsoft generates to provide a given service) for Microsoft Cloud services. Other offerings from Azure include the general availability of Azure Policy, Compliance Manager for Azure GDPR and the Azure Security and Compliance Blueprint for GDPR.
Handling data breaches
The onset of GDPR also means stricter regulations that organizations must adhere to in the event of a data breach. Microsoft 365 has a robust set of capabilities, from Office 365 Advanced Threat Protection (ATP) to Azure ATP, that can help protect against and detect data breaches.
To learn more about how Microsoft and First Technology can help you easily and rapidly comply with POPIA and GDPR, you can download our latest Ebook - “Microsoft 365: The POPI Act, GDPR and Compliance”.
To learn more about useful compliance monitoring tools and how they can streamline your operations, get in touch with Jolene Strydom on jolenes@firsttechnology.co.za or call us directly on 021 525 7000.