• Organizations increasingly understand the importance of information security—but the GDPR raises the bar. It requires that organizations take appropriate technical and organizational measures to protect personal data from loss or unauthorized access or disclosure.
• The Microsoft cloud is specifically built to help you understand risks and to defend against them, and is more secure than on-premises computing environments in many ways. For example, our datacenters are certified to internationally recognized security standards, protected by 24-hour physical surveillance, and have strict access controls. How we secure our cloud infrastructure is only part of a comprehensive security solution and each of our products, whether in the cloud or on premises, has security features to help you secure your data.
• Recommended products and services Microsoft cloud services synthesize unparalleled threat intelligence and provide tools that help you get the greatest benefit from that intelligence for your security efforts. Microsoft recommends the following products and services to help your organization meet the GDPR requirements in the Protect phase.
• Microsoft Azure feature: Azure Key Vault
• Enterprise Mobility + Security (EMS) features: Azure Active Directory Premium, Microsoft Intune
• Office and Office 365 features: Advanced Threat Protection, Threat Intelligence
• SQL Server and Azure SQL Database features: Transparent Data Encryption, Always Encrypted
• Windows and Windows Server features: Windows Defender Advanced Threat Protection, Windows Hello, Device Guard