What is the GDPR?
The GDPR gives people the right to manage the personal data an organization collects about them. These rights are exercised through a Data Subject Request (DSR). Organizations must provide timely information about DSRs and data breaches, and must perform data protection impact assessments (DPIAs).
When implementing or assessing GDPR needs, there are a few points to consider:
- Develop or assess privacy principles for your data for GDPR compliance.
- Assess your organization's data security.
- Identify who your data controller is.
- Determine which data security procedures may be required.
The suggested course of action for GDPR and the liability readiness checklist may prompt other considerations.
The following tasks are relevant to meeting GDPR standards. Follow the links in the list for details on implementation.
- Data Subject Request (DSR): A formal request made by a data subject to a controller to take action (change, restriction, access) on their personal data.
- Breach notification: Under the GDPR, a personal data breach is "a breach in security that results in accidental or unlawful damage, loss, alteration, unauthorized disclosure or access to transmitted, stored or processed personal data."
- Data Protection Impact Assessment: The GDPR requires data controllers to prepare a Data Protection Impact Assessment (DPIA) for data operations that "may lead to a high risk to the rights and freedoms of natural persons".
As noted above, the suggested course of action and the liability readiness checklist provide guidance for implementing or assessing GDPR compliance when using Microsoft products and services.