Today is the enforcement date of the EU’s General Data Protection Regulation (GDPR), which establishes an important milestone for individual privacy rights. Microsoft has been a strong supporter of the GDPR since it was first proposed in 2012. The GDPR sets a strong standard for privacy because it puts people in control of their own data.
In this post, we summarize the resources on the Service Trust Portal that can help you with GDPR readiness when using Microsoft Cloud services.
Service Trust Portal – Get in-depth information to help you meet GDPR obligations
The Privacy area on Service Trust Portal provides GDPR resources across Microsoft Cloud services, including Office 365, Azure, Dynamics 365, Windows, and Professional Services. You can find 3 primary topics under the Privacy tab:
- Data Subject Requests (DSRs): get information about how specific Microsoft Cloud services enable you to discover, access, rectify, restrict, delete, and export personal data; connect you to the DSRs tools Microsoft builds to help you respond to DSRs (e.g. Data Log Export for responding to telemetry log DSRs).
- Data breach notification: find information about how Microsoft detects and responds to personal data breaches, and how you can set up your privacy contact to receive breach notifications from Microsoft in the event of personal data breach.
- Data Protection Impact Assessments (DPIAs): learn about Microsoft’s and your responsibilities for DPIA compliance, and get information provided by Microsoft that can support you to create your own DPIAs.
Visit it today at https://aka.ms/GDPRGetStarted and learn more about how to use Service Trust Portal to plan and implement GDPR controls in this video:
Compliance Manager – Assess and improve your GDPR compliance posture
Compliance Manager is a cross-Microsoft-Cloud solution that helps organizations understand and manage the complex compliance landscape with 3 key capabilities:
- Ongoing risk assessment: gain visibility into Microsoft’s internal controls as well as your compliance performance and make better plans with Compliance Score.
- Actionable insights: get guidance on implementing controls to increase your Compliance Score and enhance data protection capabilities.
- Simplified compliance: use the built-in dashboard, control management, and audit-ready reporting functions to assign, track, and record your compliance activities
GDPR assessments are now available in Compliance Manager for Azure, Dynamics 365, Office 365, and Microsoft Professional Services. Check out Compliance Manager today at https://aka.ms/compliancemanager.
Watch this 2-min video, which summarizes the capabilities of Compliance Manager:
You can find more resources about Service Trust Portal and Compliance Manager below:
- White paper: Service Trust Portal and Compliance Manager white paper
- Supporting document: Use Compliance Manager to help meet data protection and regulatory requirements when using Microsoft cloud services
- Compliance Manager product deep dive video: Simplify your GDPR compliance journey with Compliance Manager
 Compliance Manager is a dashboard that provides the Compliance Score and a summary of your data protection and compliance stature as well as recommendations to improve data protection and compliance. This is a recommendation, it is up to you to evaluate and validate the effectiveness of customer controls as per your regulatory environment. Recommendations from Compliance Manager and Compliance Score should not be interpreted as a guarantee of compliance.
 Note that Office 365 GCC customers can access Compliance Manager; however, users should evaluate whether to use the document upload feature of Compliance Manager, as the storage for document upload is compliant with Office 365 Tier C only. Compliance Manager is not yet available in sovereign clouds including Office 365 U.S. Government Community High (GCC High), Office 365 Department of Defense (DoD), Office 365 Operated by 21 Vianet, and Office 365 Germany.