The General Data Protection Regulation
The General Data Protection Regulation (GDPR) is causing organisations to evaluate their data processing systems, especially the critical platforms they choose to enable their workforce. The systems you use to create, store, analyse, and manage data can be spread across a wide array of IT environments—personal devices, on-premises servers, cloud services, even the Internet of Things. This means that most of your IT landscape could be subject to the requirements of the GDPR.
It may require significant changes to how your business gathers, uses, and governs data. Many businesses are daunted by their compliance journey ahead. As the May 25, 2018 deadline for GDPR compliance approaches, many customers are unsure where to begin. They are looking for the technology, people, and processes that will help them comply in a sustainable manner.
25sevenIT is here to help our customers navigate this journey—we can offer consultancy, which begins with a meeting, followed by a detailed assessment questionnaire. This has been prepared with Microsoft to help identify where your business stands with respect to GDPR readiness, where you have gaps, and what recommendations we can make to help close those gaps. The overall duration for the engagement is expected to be between 3-4 weeks, while the total effort is estimated to be between 15-20 hours, depending on the complexity of your business.
Book a GDPR Assessment
- How GDPR ready you are
- Where you are vulnerable
- Recommendations for closing the gaps to compliance
The process would follow this roadmap:
Complying with the GDPR is a business-wide challenge that will take time, tools, processes, and expertise, and may require significant changes in your privacy and data management practices. Your journey to comply with the GDPR will go more smoothly if you are operating in a well-architected cloud services model and have an effective data governance program in place. Microsoft has a long history of providing cloud services and as a Microsoft Gold Cloud Services Partner, we would recommend taking a platform view—such as one encompassing Windows, Microsoft SQL Server, SharePoint, Exchange, Office 365, Azure, and Dynamics 365—can provide a clear path to ensure you comply not only with the GDPR, but also with other requirements important to you as well.
We recommend you begin your journey to GDPR compliance by focusing on four key steps:
- Discover — identify what personal data you have and where it resides.
- Manage — govern how personal data is used and accessed
- Protect — establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
- Report — execute on data requests, report data breaches, and keep required documentation.
Given how much is involved, you should not wait until GDPR enforcement begins to prepare. You should review your privacy and data management practices now.
The following Whitepaper outlines the specific elements of each component of the GDPR and describes ways that you can use products and services available from Microsoft to get started. For each of the steps, we have outlined example tools, resources, and features of the various Microsoft solutions that can be used to help you address the requirements of that step. This is intended as an introduction and your team at 25sevenIT is always available to help guide you through the process.
Beginning your General Data Protection Regulation (GDPR) Journey