What is GDPR?
The GDPR provides people with the authority to manage personal data collected in an organization. These permissions are used through a Data Subject Request (DSR). Organizations must provide current information on DSRs and data breaches, and perform data protection impact assessments (DPIAs).
When implementing or evaluating GDPR needs, there are several points to consider:
Develop or evaluate the Privacy Principles of your GDPR-compliant data.
Assess your organization's data security.
Who is your data controller?
What data security procedures might there be that must be implemented?
The GDPR's suggested course of action and accountability checklist may prompt additional considerations.
The following tasks are relevant to achieving GDPR standards. Please follow the links in the list for details on the implementation.
Data Subject Request (DSR). A formal request made by the data subject to the controller to take action (modification, restriction, access) to their personal data.
Breach notification. Under the GDPR, a personal data breach is "a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, stored or processed."
Data Protection Impact Assessment. The GDPR requires data controllers to prepare data protection impact assessments (DPIAs) for data operations that "may result in a high risk to the rights and freedoms of natural persons".
As mentioned above, the GDPR's Recommended Actions and Responsibilities Checklist provide guidelines for implementing or evaluating GDPR compliance when using Microsoft products and services.