Andrew Bettany, MVP and cloud technology expert, provides a quick technical overview of how Microsoft 365 and GDPR can work really well together to secure GDPR compliance for your business.
2. Live life without regret, believe in your potential, don’t stop!
Andrew Bettany Quick Bio
•6 years MVP (Windows) 2012-2018
•Windows User Group
•IT Masterclasses Ltd – bespoke technical training
•Author of MS Press Windows 10 Exam Ref books
•Freelance Trainer
•Microsoft Learning Regional Lead for UK
Specialties: Microsoft 365 | Windows Client | Windows Server | Deployment
Certifications: MVP, MCSE, MCT, MCSA
3. Providing clarity and consistency for the protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.
Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
4. How GDPR defines personal data
Personal data
Any information related to an identified or identifiable natural person including direct and indirect identification.
Examples include:
• Name
• Identification number (e.g., N.I numbers)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP addresses, device IDs)
Sensitive personal data
Personal data afforded enhanced protections:
• Genetic data (e.g., an individual’s gene sequence)
• Biometric data (e.g., fingerprints, facial recognition, retinal scans)
• Sub categories of personal data including:
  • Racial or ethnic origin
  • Political opinions, religious or philosophical beliefs
  • Trade union membership
  • Data concerning health
  • Data concerning a person’s sex life or sexual orientation
5. What are the key changes to address with GDPR?
Personal privacy
Individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data
Controls and notifications
Organizations will need to:
• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
Transparent policies
Organizations are required to:
• Provide clear notice of data collection
• Outline processing purposes and use cases
• Define data retention and deletion policies
IT and training
Organizations will need to:
• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts
6. Protecting customer privacy with GDPR
• Improved data policies to provide control to data subjects and ensure lawful processing
• Stricter control on where personal data is stored and how it is used
• Better data governance tools for better transparency, recordkeeping and reporting
What does this mean for my data?
8. Classification and labelling
Discover personal data and apply persistent labels
Labels are persistent and readable by other systems e.g. DLP engine
Labels are metadata written to data
Sensitive data is automatically detected
9. Information Protection is ALL about Labelling
Payroll
No PII
Consumer
Do not delete
Ex Employee
Contains PII
Employee
Bank Details
11. Comprehensive protection of sensitive data across devices, cloud services, and on-premises
Windows 10 | Office 365 | EM+S & Cloud Services
• PCs, tablets, mobile
• Office 365 DLP
• Windows Information Protection & BitLocker for Windows 10
• Azure Information Protection
• Exchange Online, SharePoint Online & OneDrive for Business
• Highly regulated
• Intune MDM & MAM for iOS & Android
• Microsoft Cloud App Security
• Office 365 Advanced Data Governance
• Azure IP
• Advanced device management
12. Security & Compliance Controls
• The most secure and up-to-date version of Office & Windows
• Threat Protection (Virus, Malware) for Emails
• Malware and Spyware Detection and Removal
• Virus Detection and Removal, Boot Time Protection
• Data Always encrypted on devices
• 2 Factor authentication needed to access data on PC/Mobile.
• Protect data on Mobile Devices (Copy/Paste/Save operations)
• Benchmark your controls with Secure Score
• Gain visibility with the Security & Compliance Center
Small to mid-size businesses for up to 300
Microsoft 365 Business
£15.10 per user/per month
13. Microsoft 365 Business
Office 365 Business Premium
Microsoft 365 Business
£15.10 per user/per month
Windows 10 Pro
EMS SMB*
Small to mid-size businesses for up to 300
* Limited Intune and AAD Premium features
14. Microsoft 365 Enterprise E3
£28.00 per user/per month
Unlock: Identity, Information & Device Protection
• Classification and Labeling
• Multi-Factor Authentication
• Message Encryption and Rights Management
• Tracking, Reporting, and Revoking Privileges
• Advanced Threat Protection: Safe Links, Safe Attachments
15. Microsoft 365 Enterprise E3
£28.00 per user/per month
Microsoft 365 Enterprise E3
Office 365 Enterprise E3*
Windows 10 Enterprise E3
EM+S E3
* +On-premises server rights for SharePoint, Exchange, SfB
16. Unlock: Advanced Compliance & Protection
• Automatically classify, protect & preserve sensitive data
• Shadow IT Detection with Cloud App Security
• Real Time Risk based access to corporate network
• Anomalous Attack Detection and Reporting
• SSO to 2700+ non-Microsoft SAAS Apps
• Additional customer access controls for Microsoft support
• Windows Defender Advanced Threat Protection
Microsoft 365 Enterprise E5
£51.90 per user/per month
17. Microsoft 365 Enterprise E5
Microsoft 365 Enterprise E5
£51.90 per user/per month
Office 365 Enterprise E5*
Windows 10 Enterprise E5
EM+S E5
* +On-premises server rights for SharePoint, Exchange, SfB
18. Microsoft Cloud App Security
Discover and assess risks
Identify cloud apps on your network, gain visibility into shadow IT, and get risk assessments and ongoing analytics.
Control access in real time
Manage and limit cloud app access based on conditions and session context, including user identity, device, and location.
Detect threats
Identify high-risk usage and detect unusual behavior using Microsoft threat intelligence and research.
Protect your information
Get granular control over data and use built-in or custom policies for data sharing and data loss prevention.
20. Microsoft 365 Enterprise
| Technology | Benefit | E3 | E5 |
|---|---|---|---|
| Azure Active Directory Premium P1 | Secure single sign-on to cloud and on-premises apps; MFA, conditional access, and advanced security reporting | ● | ● |
| Azure Active Directory Premium P2 | Identity and access management with advanced protection for users and privileged identities | | ● |
| Microsoft Intune | Mobile device and app management to protect corporate apps and data on any device | ● | ● |
| Azure Information Protection P1 | Encryption for all files and storage locations; cloud-based file tracking | ● | ● |
| Azure Information Protection P2 | Intelligent classification and encryption for files shared inside and outside your organization | | ● |
| Microsoft Cloud App Security | Enterprise-grade visibility, control, and protection for your cloud applications | | ● |
| Microsoft Advanced Threat Analytics | Protection from advanced targeted attacks leveraging user and entity behavioral analytics | ● | ● |
Categories: Identity and access management | Managed mobile productivity | Information protection | Threat Detection
21. Please contact info@itmasterclasses.com to discuss the following:
• GDPR end user staff awareness training
• Technical training on Microsoft 365 & Microsoft Cloud