September 25, 2017 6:00 am

Windows resources to help support your GDPR compliance

By / WDG Privacy Officer

With exactly eight months to go until the deadline, any organization that wants to do business with European Union (EU) residents will need to ensure compliance with the General Data Protection Regulation (GDPR). According to a recent report by Spiceworks, only 25 percent of organizations are prepared for this landmark regulatory requirement. At Microsoft, we are actively helping accelerate our customers’ compliance journey. Earlier this year, Brendon Lynch, our Chief Privacy Officer, announced our commitment to the principles behind GDPR and to helping organizations successfully comply with this new regulation.

Today, we are sharing two new Windows resources, Accelerate GDPR compliance with Windows 10 and Accelerate GDPR compliance with Windows Server 2016 white papers, that will help you plan and prepare for the GDPR deadline.

These important resources detail the security features and capabilities built into Windows that can help you comply with GDPR and implement the technical and organizational security measures to help protect personal data. For Windows 10 these compliance capabilities include:

  • Threat Protection: Pre-breach Threat Resistance
  • Threat Protection: Post-breach Detection and Response
  • Identity Protection
  • Information Protection

Additional capabilities for Windows Server include:

  • Credential and administrator privilege protections
  • Secure the operating system to run your apps and infrastructure
  • Secure virtualization

Implementing the appropriate technical and organizational security measures to protect personal data will take time, changes in process, expertise and training for your organization to comply with GPDR. For those just getting started, we recommended you begin your journey to GDPR compliance by focusing on four key steps:

Slide showing key GDPR steps, Discover, Manage, Protect, and Report.

While these requirements may seem daunting, Windows can help you effectively and efficiently address many of the GDPR requirements.

Threat, identity & information protection

As Brad Smith noted this summer, there is no privacy without security. That’s why we’ve always focused on security technologies and privacy features in our Windows operating system (OS) to help safeguard your information.

With Windows 10, your ability to protect, detect and defend against the types of attacks that can lead to data breaches is greatly improved. Given the stringent requirements around breach notification within the GDPR, ensuring that your desktop and laptop systems are well defended will lower the risks you face that could result in costly breach analysis and notification.

A key provision within the GDPR is data protection by design and by default. Helping with your ability to meet this provision are features within Windows 10 such as BitLocker Device Encryption.  BitLocker uses the Trusted Platform Module (TPM) technology, which provides hardware-based, security-related functions.  This crypto-processor chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM.

We encourage you to learn more about security technologies in the Accelerate GDPR compliance with Windows 10 white paper.

Identity protection, credential management & infrastructure security

Security breaches can have profound consequences for your organization. Windows Server 2016 has built-in risk mitigation capabilities to help implement technical and organizational security measures to protect personal data. These include a secure operating system to run your apps and infrastructure, anti-malware technologies that protect your environment from threats and exploits, and identity protection and credential management solutions that enable you to move from passwords to more secure forms of authentication. These are important elements of our defense-in-depth strategy that, combined with a layer of information protection, is built into hardware and virtual systems.

The GDPR requires you to implement appropriate technical and organizational security measures to protect personal data and processing systems. In the context of the GDPR, your physical and virtual server environments are potentially processing personal and sensitive data. Processing can mean any operation or set of operations, such as data collection, storage, and retrieval.

The ability to protect personal and sensitive data, that may be stored or accessed through desktops or laptops, will be further enhanced by adopting advanced authentication capabilities and access management.

As you work to comply with the GDPR, understanding the role of your physical and virtual servers in creating, accessing, processing, storing and managing data that may qualify as personal and potentially sensitive data under the GDPR is important. Windows Server provides capabilities that will help you comply with the GDPR requirements to implement appropriate technical and organizational security measures to protect personal data.

Additional details can be found in the Accelerate GDPR compliance with Windows Server 2016 white paper.

Get started today

Together with Microsoft’s comprehensive Cloud portfolio and the Microsoft 365 solutions announced today, these new Windows resources can help you make meaningful progress in preparation for these regulations. I encourage you to check them out to see how Windows can help simplify your GDPR journey.

In the coming months, we will continue to share how Windows is getting ready for GDPR and how using Windows can help you with your compliance journey. We also want to hear from you, so please also continue sharing your feedback and privacy questions.

– Marisa