- The GDPR provides data subjects—individuals to whom data relates—with more control over how their personal data is captured and used. Effectively managing your data involves both data governance and data classification.
- Data governance To satisfy your obligations to data subjects, you need to understand which types of personal data your organization processes, how your organization processes such data, and for what purposes. The data inventory discussed previously is a first step towards achieving this understanding. Once the inventory is complete, it’s also important to develop and implement a data governance plan. A data governance plan can help you define policies, roles, and responsibilities for the access, management, and use of personal data, and can help you ensure that your data handling practices comply with the GDPR.
- Data classification is an important part of any data governance plan. Adopting a classification scheme that applies throughout your organization can be particularly helpful for responding to data subject requests, because it enables you to identify more readily and process personal data requests.
- Recommended products and services Microsoft cloud services make it possible to centralize processing by more effectively managing applicable policies, data categorizations, and use cases. Microsoft recommends the following products and services to help your organization meet the GDPR requirements in the Manage phase.
- Microsoft Azure features: Azure Active Directory, Azure Role-Based Access Control (RBAC)
- Enterprise Mobility + Security (EMS) feature: Azure Information Protection
- Dynamics 365 feature: Security concepts
- Office and Office 365 features: Advanced Data Governance, Journaling (Exchange Online)
- Windows and Windows Server feature: Microsoft Data Classification Toolkit