5 Office 365 Features That Can Help You Maintain GDPR Compliance
We all witnessed the flurry of activity that led up to May 25, 2018, the date on which GDPR became enforceable. Organisations and businesses of all types made a gargantuan effort to ensure compliance. However, GDPR compliance is not a one-off effort.
GDPR compliance involves ongoing habits, often difficult to enforce, covering the responsible use and protection of your customer data. Most resource-pressed businesses will benefit from whatever help is available. Enter Office 365.
Office 365 is uniquely placed
Deep diving into GDPR requirements is beyond the scope of this article, but many of these requirements centre around knowing what customer data is held, where it is held, and how to protect yourself against the loss of data. Central storage and control over data is therefore paramount.
Office 365 is a central component of IT for more than 120 million business users. With a few insights and tweaks, the central role of Office 365 can help companies maintain ongoing compliance with GDPR. Let's look at some of the specific features included in Office 365.
Compliance Manager
Microsoft anticipated the huge rush to compliance and stepped up with Compliance Manager, a central portal that serves to help organisations manage compliance processes. It sits next to Compliance Score and Azure Information Protection, providing actionable insights, including how Microsoft's own operations affect your compliance responsibilities.
Compliance Manager helps you to track and record compliance activities across your Office 365 tenancy. Via Compliance Manager, you can generate Excel reports outlining your compliance activities, which can be passed on to auditors and regulators. Compliance Manager can help organisations with a host of standards including ISO 27001 and HIPAA, as well as GDPR.
eDiscovery
Remember, knowing where you store customer data is an important component of GDPR compliance. In many cases, however, customer data ends up in a variety of locations. When and where this happens, Office 365 eDiscovery can be your friend. eDiscovery in Office 365 can help you locate private customer data across Office 365 services.
Office 365 Advanced eDiscovery allows your organisation to respond more easily and more thoroughly to a data subject request. It reduces the cost and time involved in finding customer data and can deliver more accurate results, scanning for data at a speed and breadth that no human could realistically match.
Data Loss Prevention (DLP)
It's not only data loss via outside intrusion that you need to guard against: preventing data loss caused by authorised staff is also a high priority. This is where DLP policies step in. With DLP you can set policies that flag sensitive personal information, such as credit card data, across many Office 365 locations.
Office 365 DLP can notify your team of the location of personal data in both SharePoint and OneDrive for Business. It can also prevent the accidental sharing of personal data via channels such as email, while maintaining alerts and logs to warn accountable staff of any unauthorised sharing of personal data. DLP ticks a big box when it comes to GDPR.
Advanced Threat Protection
Protecting client data is one of the paramount principles of GDPR. Your organisation holds personally identifiable information and is obligated to protect it. However, consistently protecting data against incidental and determined intruders is very tough. Microsoft Advanced Threat Protection steps in to thwart common intrusion attempts.
Advanced Threat Protection guards against everything from domain spoofing to phishing attempts. It has recently been extended across OneDrive for Business, Office Teams and SharePoint Online. It also includes reporting and tracking features which can help you determine the cause of intrusion.
Office 365 Encryption
Perhaps one of the most undervalued benefits of Office 365 is simply this: end-to-end encryption across its services. An Office 365 subscriber can rest assured that top security measures are applied throughout services such as e-mail, SharePoint and others. This encryption layer prevents snooping and data loss.
Encryption is achievable and indeed standard with many other service providers, but Office 365 stands out because encryption is enabled by default, without requiring any intervention. This provides an immense sense of reassurance for any organisation concerned about GDPR. Default Office 365 encryption can also be extended by enabling features such as two-factor authentication (2FA).
Harnessing Office 365 for GDPR
Office 365 offers such a vast array of features that many organisations simply never attempt to make use of them all. From a GDPR compliance perspective, businesses have a lot to lose if they do not take a deep dive into what Office 365 can really deliver.
For some readers, many of the aforementioned features will be brand new. For others, they will be familiar, but underutilised.
Engaging with the existing features of your Office 365 license can streamline adherence to GDPR in the long term. Ask your IT provider for help if necessary. For companies not using Office 365, the built-in GDPR compliance features may very well become an irresistible attraction.