Review the compliance requirements for organizations needing to ensure that devices, data, and services are secure and robust.
- [Instructor] You might think that by ensuring that all of your data is stored and protected by the various components of Microsoft 365 then you would become compliant in relation to GDPR. Unfortunately, that is only part of the requirements met. The GDPR articles related to the various components being discussed are included in the footnotes at the bottom of the screen to help you reach compliance. Let's take a look at the big picture of achieving compliance. One of the underlying principles of GDPR is organizations need to ensure that devices, data, and services are secure and robust.
Once data is secure, it can then be labeled, tracked, controlled, and managed, including no further processing, data deletion, or amending the data to ensure that they were managed correctly. By managing data in this way, an organization ensures that they have full control over their data. However, it's not good enough just to achieve compliance by using technology alone. Organizations also need to be able to prove that they are compliant. This can be done through auditing, reporting, and producing documentation as to how data is being stored, accessed, and managed.
The GDPR articles that cover compliance proof are included at the bottom of the screen.
- What is GDPR?
- Using Microsoft 365 for GDPR compliance
- Implementing Office 365 data loss prevention policies
- Securing data with Microsoft Cloud App Security
- Classifying data with Azure Information Protection
- Monitoring and managing data
- Monitoring regulatory compliance with Compliance Manager