Welcome to Day 17 of Business Self-Defense from Microsoft Canada. Today we build on our last post, “The compliance opportunity,” by spotlighting the Microsoft 365 GDPR action plan. Developed in partnership with Protiviti, a Microsoft partner specializing in compliance, this action plan can help inform your new compliance strategy.
Remember: GDPR applies no matter where you’re located, including Canada. If you handle any customer data from the EU, compliance is a must!
First 30 days to GDPR
In the first 30 days, the Microsoft 365 GDPR action plan prioritizes a few key areas. First, you must conduct several assessments. Second, you need to find an advisory partner to perform a gap analysis and develop a road map that charts your journey to compliance. And third, you need to identify the types of personal data you store and where it resides.
First 90 days to GDPR
In the next 60 days, you start implementing compliance requirements using Microsoft 365 data governance capabilities. You use Microsoft 365 to prevent data breaches and implement protections for personal data, ranging from protecting user accounts to using data loss prevention (DLP) policies to identify and protect sensitive data.
Beyond 90 days
Use Microsoft 365 advanced data governance tools and information protection to implement and monitor your operations, including your cloud applications. Ensure you handle personal information compliantly, including how long you retain it. And address organizational, regional, and local data residency requirements as well.
Get the ebook
Download your free copy of the ebook, GDPR and Microsoft 365: Streamline your Path to Compliance, to learn how to:
- Assess and manage compliance risk
- Streamline processes
- Get actionable insights
- Protect personal data