The EU General Data Protection Regulation (GDPR) was developed to create cohesive data privacy laws across Europe that serve to protect all EU citizens. It replaces Data Protection Directive 95/46/EC, and differs in a number of significant ways, such as:
For a full list the most important changes between the General Data Protection Regulation and the Data Protection Directive 95/46/EC, visit https://www.eugdpr.org/key-changes.html.
The GDPR applies to organizations within the European Union, as well as companies located outside of the EU. Basically, any organization that offers goods or services to, or monitors the behavior of, EU data subjects, are impacted by the GDPR. Regulations apply to both controllers and processors, which means that “clouds” are not exempt from GDPR enforcement.
Because brands that provide services to millions of people around the world are obligated to uphold the laws of the countries where they do business, it behooves organizations that also do business in those countries to work together. And whether you’re a multi-national corporation, or a small web-based business that reaches customers in the EU, by choosing
cloud services provided by a global partner who is committed to adhering to the GDPR, you can work your way toward GDPR compliance without ever lifting a finger.
For instance, Microsoft’s Office 365 includes measures that comply with the GDPR’s data protection policy guidelines, as well as its security threat protection mandate. And because Office 365 is cloud based, it allows you to passively stay up to date – and gives your organization more time to focus on the “bigger picture” implications of the GDPR.
Because the GDPR hasn’t been enacted yet, it’s difficult to know which organizations, cloud or otherwise, will be compliant at its launch. However, in order to find the tools your organizations need to solidify its own compliance you’ll need to seek out companies now that have pledged compliance.
Many organizations have publicly vowed to achieve compliance by the time that the GDPR is enacted. A quick online search and/or an email or phone call with representatives from the organizations that you do (or are considering doing) business with are good first steps. Beyond that, consider asking your resident technology expert to vet the practices of your partners to determine whether they’re the right fit for your organization in the age of the GDPR. If you don’t have a tech expert who can help, you may consider hiring a technology consulting firm to vet your partners for you. After all, the cost of non-compliance will be steep, so protecting yourself is imperative – not only to your bottom line and your customer base, but indeed, to the future of your company.
Learn how Office 365 prioritizes security and compliance in our free eBook
The Microsoft 365 team is focused on sharing resources to help you start, run, and grow your business.
Business Insights and Ideas does not constitute professional tax or financial advice. You should contact your own tax or financial professional to discuss your situation.
Follow Microsoft 365