Ensuring GDPR Compliance - A Zymplify Guide (Zymplify)
The GDPR will come into force on 25 May 2018 and will change data protection laws across the EU. Organisations can face heavy fines if they are found to be in breach of the GDPR, so take a look at Zymplify's guide to the most important parts of the regulation. Act now to get ready for the GDPR. Book a Demo with Zymplify - http://d36.co/12vWD
Do You Have a Roadmap for EU GDPR Compliance? (Ulf Mattsson)
The General Data Protection Regulation (GDPR) goes into effect in 2018 and it will affect any business that handles data, even if it's not based in the European Union. Are you looking to move and host data for EU citizens? Do you have a roadmap and associated estimated costs for EU GDPR compliance? Join this webinar to learn:
• Case study and legal/regulatory impact to GDPR
• Security Metrics
• Oversight of third parties
• How to measure cybersecurity preparedness
Presenters : Ulf Mattsson, David Morris, Ian West, and Khizar Sheikh
Date & Time : Aug 17 2017 5:00 pm
Timezone : United States - New York
Even though GDPR is a European Union regulation, it impacts any company with customers in that region. One of the first key tasks of the data management team should be to create awareness regarding the impact of GDPR on the business with all key stakeholders across the organization. In order to generate awareness, organizations need to have clearly defined documentation defining the policies, rules, requirements and the impact of non-compliance. Kim Brushaber will look at what is involved with GDPR, what you should be concerned with, and how to get the conversation started between the business and technical teams within your organization using ER/Studio.
This webinar, featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM, provided an overview of the new EU data protection and privacy landscape from the perspective of the regulation author, regulator, legal advisor and technology providers.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
GDPR Guide: The ICO's 12 Recommended Steps To Take Now (HackerOne)
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
General Data Protection Regulation (GDPR) - Moving from confusion to readiness (Omo Osagiede)
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens' data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Do You Have a Roadmap for EU GDPR Compliance? Article (Ulf Mattsson)
GDPR is Top Priority in US
Over half of US multinationals say GDPR is their top data-protection priority, according to PwC. Of the 200 respondents, 54% reported that GDPR readiness is the highest priority on their data-privacy and security agenda. Another 38% said GDPR is one of several top priorities, while only 7% said it isn’t a top priority.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance (IDERA Software)
You can watch the replay for this Geek Sync webcast in the IDERA Resource Center: http://ow.ly/tLtr50A5b4b
The General Data Protection Regulation (GDPR) is inevitable and goes live in the EU beginning May 25th 2018. It touches all technical and organizational measures as well as the design of internal systems and processes, and affects all companies around the world that have customers in the EU.
Join IDERA and Dr. Sultan Shiffa as he focuses on how data modeling, governance and collaboration help Executives, IT Managers, Architects, DBAs and Developers tackle the key challenges around data protection by design and by default, individual rights to access and erasure, valid consent, data protection roles and accountabilities, data breach notifications, and auditing the records of data processing activities. This session will also explore best practices and examples for how to master those challenges and assess the data protection impact. After this session, you can be prepared to become GDPR compliant ahead of the deadline and beyond.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu... (DATUM LLC)
In May of 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect and organizations seeking to be ready by the deadline will need to move quickly. There are a multitude of considerations: policies, marketing programs, systems, operations and the overall information architecture. This session provides a primer on GDPR, the required data management capabilities, and how governance will need to evolve for compliance.
The General Data Protection Regulation and the DAMA DMBOK – Tools you can use for Compliance
Abstract: The General Data Protection Regulation will be the law governing data privacy in Europe in 2018. Surveys show that less than 50% of organisations are aware of the changes within the legislation, and even fewer have any plan for achieving compliance. In this session, Daragh O Brien takes us on a high level overview of the GDPR and how the disciplines of the DMBOK can help compliance.
Notes: DMBOK is an abbreviation for the "Data Management Book of Knowledge" which is published by DAMA International (The Data Management Association)
The European Union (EU) is implementing GDPR (General Data Protection Regulation) on May 25, 2018. Organizations who offer goods or services to EU residents or monitor the behavior of EU residents must comply, or they may incur significant financial penalties. Are you ready? Time is running out to ensure you comply with the new requirements.
In this webinar presentation, join Dean Evans of Satori Consulting to learn what the GDPR requirements mean for your organization, plus get a practical guide to achieving GDPR readiness, including how to implement processes to satisfy the privacy rights of individuals. Dean will cover:
=> What is GDPR?
=> Common GDPR misconceptions
=> Key considerations
=> How to develop a plan of action
=> Process owners as data stewards
GDPR: Is Your Organization Ready for the General Data Protection Regulation? (DATUM LLC)
The new European GDPR privacy regulations will significantly impact data governance for multinational companies worldwide. This presentation introduces GDPR, its implications, and a six step process for compliance. In May of 2018 the European Union’s General Data Protection Regulation (GDPR) will go into effect and the fines associated with non-compliance are significant with as much as 4% of global sales.
70% of employees have access to data they should not…and that’s going to be a problem when GDPR takes effect in May 2018.
A strong data governance program ensures that you have the policies, standards, and controls in place to protect data effectively and access it for decision making. Data governance may become one of the most important functions of your data integration architecture when it comes to data agility.
Watch this on-demand webinar describing practical steps to data governance:
- Map personal data elements to data fields across systems using metadata
- Create workflows for data stewardship and manage end user computing
- Establish a data lake with native data quality for consent processing
- Track and manage data with audit trails and data lineage
If you are in the UK and need to check that you will comply with the General Data Protection Regulations when they come into force in May 2018, this checklist might help. Developed for use in my own business it is shared without liability. Please use it wisely to start the process of complying.
For more information on making your processes and your legal documents simple, especially if you are in the UK construction industry, go to http://500words.co.uk/
"If we're leaving the EU, does GDPR even matter?" And other FAQs (Tech Data)
As the GDPR looms, Microsoft and Tech Data help to clear the fog for your business by answering your burning questions surrounding this intimidating regulatory change.
Operational impact of GDPR finance industries in the Caribbean (EquiGov Institute)
A brief outline of the challenges that could be faced by financial institutions with the implementation of the GDPR and recommendations to mitigate them.
Our yearly INFOMAGAZINE features technical articles and covers the latest technology advancements, innovative projects, new products, service capabilities, business news and market developments covering all aspects of the IT protection, optimization and control.
In this issue we are FOCUSING ON GDPR COMPLIANCE, new technologies such as protection against cryptolocker, advanced threats, monitoring and optimization tools, cryptography trends and many more… all missing pieces of puzzle in user’s IT and idea to offer partners and customers new technologies for successful planning.
Cognizant business consulting the impacts of GDPR (Audrey Miguel)
In May 2018, GDPR (Global Data Protection Regulation) will come into force in Europe. Conventional wisdom is that GDPR will cause significant legal changes for many organizations and result in yet another regulatory-driven upheaval in technology. But is this an accurate assessment of the likely impact?
This study provides guidance on some of the most important aspects of the GDPR for companies outside the EU and describes some of its key implications with regards to organisational IT and governance. It also offers some key practical advice on steps that can ensure compliance with the GDPR.
IT, Legal, Marketing and Sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue; it impacts the IT architecture and the user journey of your online and offline data capture processes.
Data Privacy laws around the world have levied stringent obligations on the way businesses are required to handle sensitive data. Non-compliance to these obligations will have severe consequences and penalties, especially in case of a security breach. Organizations looking to achieve GDPR compliance need to map their data flow to assess privacy risks. GDPR Data Mapping is the process of determining the type of data processed and the way they are processed. This helps determine the risk exposure of your company and systems or applications that are highly exposed to threats.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
The engaging white paper delivers the core facts you need to understand the fundamental nature of the GDPR regulations and what it means for your business and the management of its data.
The Evolution of Data Privacy: 3 Things You Need To Consider (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive, which was drafted in a time that was, in technology terms, prehistoric. It’s time to evolve.
Beginning your General Data Protection Regulation (GDPR) Journey
1. Beginning your General Data Protection Regulation (GDPR) Journey
Accelerate GDPR compliance with Windows 10
2. Windows 10 and the GDPR, Page 1 | 18
Table of Contents
Disclaimer
Introduction
The GDPR and Its Implications
Personal and Sensitive Data
Journey Toward GDPR Compliance – Getting Started
  Key GDPR Steps
Windows 10 Security & Privacy
Windows 10: Supporting Your GDPR Compliance Journey
  Threat Protection: Pre-breach Threat Resistance
    Responding to emerging threats on data
    Systemically disrupting phishing, malware, and hacking attacks
    Blocking all unwanted apps
  Threat Protection: Post-breach Detection and Response
    Insightful security telemetry
    Detecting attacks and forensic investigation
  Identity Protection
    Multi-factor protection
    Protection against attacks by isolating user credentials
  Information Protection
    Encryption for lost or stolen devices
    Preventing accidental data leaks to unauthorized users
    Capabilities to classify, assign permissions and share data
Windows 10 Resources To Help You Meet The GDPR
Windows 10 and the GDPR
Introduction
On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy
rights, security, and compliance.
The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the
privacy rights of individuals. The GDPR establishes strict global privacy requirements governing how you
manage and protect personal data while respecting individual choice—no matter where data is sent,
processed, or stored.
Microsoft and our customers are now on a journey to achieve the privacy goals of the GDPR. At
Microsoft, we believe privacy is a fundamental right, and we believe that the GDPR is an important step
forward for clarifying and enabling individual privacy rights. But we also recognize that the GDPR will
require significant changes by organizations all over the world.
We have outlined our commitment to the GDPR and how we are supporting our customers within the
“Get GDPR compliant with the Microsoft Cloud” blog post by our Chief Privacy Officer Brendon Lynch
and the “Earning your trust with contractual commitments to the General Data Protection Regulation”
blog post by Rich Sauer - Microsoft Corporate Vice President & Deputy General Counsel.
Although your journey to GDPR may seem challenging, we are here to help you. For specific information
about the GDPR, our commitments and beginning your journey, please visit the GDPR section of the
Microsoft Trust Center.
The GDPR and Its Implications
The GDPR is a complex regulation that may require significant changes in how you gather, use and
manage personal data. Microsoft has a long history of helping our customers comply with complex
regulations, and when it comes to preparing for the GDPR, we are your partner on this journey.
The GDPR imposes rules on organizations that offer goods and services to people in the European Union
(EU), or that collect and analyze data tied to EU residents, no matter where those businesses are
located. Among the key elements of the GDPR are the following:
• Enhanced personal privacy rights - strengthened data protection for residents of the EU by ensuring
they have the right to access their personal data, to correct inaccuracies in that data, to erase
that data, to object to processing of their personal data, and to move it;
• Increased duty for protecting personal data - reinforced accountability of organizations that
process personal data, providing increased clarity of responsibility in ensuring compliance;
• Mandatory personal data breach reporting - organizations that control personal data are
required to report personal data breaches that pose a risk to the rights and freedoms of
individuals to their supervisory authorities without undue delay, and, where feasible, no later
than 72 hours once they become aware of the breach.
As you might anticipate, the GDPR can have a significant impact on your business, potentially requiring
you to update privacy policies, implement and strengthen data protection controls and breach
notification procedures, deploy highly transparent policies, and further invest in IT and training.
Microsoft Windows 10 can help you effectively and efficiently address some of these requirements.
Personal and Sensitive Data
As part of your effort to comply with the GDPR, you will need to understand how the regulation defines
personal and sensitive data and how those definitions relate to data held by your organization.
The GDPR considers personal data to be any information related to an identified or identifiable
natural person. That can include both direct identification (e.g., your legal name) and indirect
identification (i.e., specific information that makes it clear it is you the data references). The GDPR
makes clear that the concept of personal data includes online identifiers (e.g., IP addresses, mobile
device IDs) and location data, a point that had been somewhat unclear.
The GDPR introduces specific definitions for genetic data (e.g., an individual’s gene sequence) and
biometric data. Genetic data and biometric data, along with other subcategories of personal data
(personal data revealing racial or ethnic origin, political opinions, religious or philosophical
beliefs, or trade union membership; data concerning health; or data concerning a person’s sex life or
sexual orientation), are treated as sensitive personal data under the GDPR. Sensitive personal data is
afforded enhanced protections and generally requires an individual’s explicit consent where these data
are to be processed.
Information relating to an identified or identifiable natural person (data subject) - examples
• Name
• Identification number (e.g., SSN)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP address, device IDs)
• Pseudonymous data (i.e., using a key to identify individuals)
• Genetic data (e.g., biological samples from an individual)
• Biometric data (e.g., fingerprints, facial recognition)
Journey Toward GDPR Compliance – Getting Started
Where do you begin? How can Microsoft Windows 10 help you start the journey toward GDPR
compliance?
In the general whitepaper “Beginning your General Data Protection Regulation (GDPR) Journey”, we
addressed topics such as an introduction to GDPR, how it impacts you and what you can do to begin
your journey today. We also recommended that you begin your journey to GDPR compliance by focusing
on four key steps:
Key GDPR Steps
• Discover—identify what personal data you have and where it resides.
• Manage—govern how personal data is used and accessed.
• Protect—establish security controls to prevent, detect, and respond to vulnerabilities and data
breaches.
• Report—execute on data requests, report data breaches, and keep required documentation.
For each of the steps, we outlined example tools, resources, and features in various Microsoft solutions
that can be used to help you address the requirements of that step. While this document is not a
comprehensive “how to,” we have included links for you to find out more details, and more information
is available at Microsoft.com/GDPR.
Given how much is involved, you should not wait to prepare until GDPR enforcement begins. You should
review your privacy and data management practices now. The balance of this white paper is focused on
how Windows 10 can support your compliance with the GDPR as well as approaches, recommended
practices and techniques to support your GDPR compliance journey.
Windows 10 Security & Privacy
As you work to comply with the GDPR, understanding the role of your desktop and laptop client
machines in creating, accessing, processing, storing and managing data that may qualify as personal
and potentially sensitive data under the GDPR is important. Windows 10 provides capabilities that will
help you comply with the GDPR requirements to implement appropriate technical and organizational
security measures to protect personal data.
With Windows 10, your ability to protect, detect and defend against the types of attacks that can lead to
data breaches is greatly improved. Given the stringent requirements around breach notification within
the GDPR, ensuring that your desktop and laptop systems are well defended will lower the risks you face
that could result in costly breach analysis and notification.
In the section that follows, you will see how Windows 10 provides capabilities that fit squarely in the
Protect stage of your journey. These Protect capabilities fall into four scenarios:
• Threat Protection: Pre-breach Threat Resistance - Disrupt the malware and hacking industry by
moving the playing field to one where they lose the attack vectors that they depend on.
• Threat Protection: Post-breach Detection and Response – Detect, investigate, and respond to
advanced threats and data breaches on your networks.
• Identity Protection – Next generation technology to help protect your users’ identities from
abuse.
• Information Protection - Comprehensive data protection while meeting compliance
requirements and maintaining user productivity.
These capabilities, discussed in more detail below with references to specific GDPR requirements, are
built on top of advanced device protection that maintains the integrity and security of the operating
system and data.
A key provision within the GDPR is data protection by design and by default, and helping with your
ability to meet this provision are features within Windows 10 such as the Trusted Platform Module
(TPM) technology designed to provide hardware-based, security-related functions. A TPM chip is a
secure crypto-processor that is designed to carry out cryptographic operations.
The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious
software is unable to tamper with the security functions of the TPM. Some of the key advantages of
using TPM technology are that you can:
• Generate, store, and limit the use of cryptographic keys;
• Use TPM technology for platform device authentication by using the TPM’s unique RSA key,
which is burned into the chip;
• Help ensure platform integrity by taking and storing security measurements.
Additional advanced device protection relevant to operating without data breaches includes
Windows Trusted Boot, which helps maintain the integrity of the system by ensuring malware is unable
to start before system defenses.
Windows 10: Supporting Your GDPR Compliance Journey
In this section, you will see how key features within Windows 10 will help you to efficiently and
effectively implement the security and privacy mechanisms the GDPR requires for compliance. While the
use of these features will not guarantee your compliance per se, they will support your efforts to do so.
Threat Protection: Pre-breach Threat Resistance
The GDPR requires you to implement appropriate technical and organizational security measures to
protect personal data.
Your ability to meet this requirement to implement appropriate technical security measures should
reflect the threats you face in today’s increasingly hostile IT environment. Today’s security threat
landscape is one of aggressive and tenacious threats. In previous years, malicious attackers mostly
focused on gaining community recognition through their attacks or the thrill of temporarily taking a
system offline. Since then, attackers’ motives have shifted toward making money, including holding
devices and data hostage until the owner pays the demanded ransom.
Modern attacks increasingly focus on large-scale intellectual property theft; targeted system
degradation that can result in financial loss; and now even cyberterrorism that threatens the security of
individuals, businesses, and national interests all over the world. These attackers are typically highly
trained individuals and security experts, some of whom are in the employ of nation states that have
large budgets and seemingly unlimited human resources. Threats like these require an approach that
can meet this challenge.
Not only are these threats a risk to your ability to maintain control of any personal or sensitive data you
may have, but they are a material risk to your overall business as well. Consider recent data from
Ponemon Institute, Verizon, and Microsoft:
• The average cost of the type of data breach the GDPR will expect you to report is $3.5M.
(Ponemon Institute)
• 63% of these breaches involve weak or stolen passwords that the GDPR expects you to address.
(2016 Data Breach Investigations Report, Verizon Enterprise)
• Over 300,000 new malware samples are created and spread every day making your task to
address data protection even more challenging. (Microsoft Malware Protection Center,
Microsoft)
As seen with recent ransomware attacks, once called the black plague of the internet, attackers are
going after bigger targets that can afford to pay more, with potentially catastrophic consequences.
Desktops and laptops that contain personal and sensitive data are commonly targeted where control
over data might be lost.
In response to these threats and as a part of your mechanisms to resist these types of breaches so that
you remain in compliance with the GDPR, Windows 10 provides built-in technology, detailed below,
including the following:
• Windows Defender Antivirus to respond to emerging threats on data
• Microsoft Edge to systemically disrupt phishing, malware, and hacking attacks
• Device Guard to block all unwanted applications on client machines
Responding to emerging threats on data
Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware
management for desktops, portable computers, and servers. Windows Defender Antivirus has been
significantly improved since it was introduced in Windows 8. Windows Defender Antivirus in Windows
10 uses a multi-pronged approach to improve antimalware:
• Cloud-delivered protection helps detect and block new malware within seconds, even if the
malware has never been seen before.
• Rich local context improves how malware is identified. Windows 10 informs Windows Defender
Antivirus not only about content like files and processes but also where the content came from,
where it has been stored, and more.
• Extensive global sensors help keep Windows Defender Antivirus current and aware of even the
newest malware. This is accomplished in two ways: by collecting the rich local context data from
end points and by centrally analyzing that data.
• Tamper proofing helps guard Windows Defender Antivirus itself against malware attacks. For
example, Windows Defender Antivirus uses Protected Processes, which prevents untrusted
processes from attempting to tamper with Windows Defender Antivirus components, its registry
keys, and so on.
• Enterprise-level features give IT pros the tools and configuration options necessary to make
Windows Defender Antivirus an enterprise-class antimalware solution.
Systemically disrupting phishing, malware, and hacking attacks
In today’s threat landscape, your ability to provide those mechanisms should be tied to the specific
data-focused attacks you face through phishing, malware and hacking by way of browser-related attacks.
As part of Windows 10, Microsoft has brought you Microsoft Edge, our safest and most secure browser
to date. Over the past two years, we have been continuously innovating, and we’re proud of the
progress we’ve made. This quality of engineering is reflected by the reduction of Common
Vulnerabilities and Exposures (CVE) when comparing Microsoft Edge with Internet Explorer over the
past year. Browser-related attacks on personal and sensitive data that you will need to protect under
the GDPR mean this innovation in Windows 10 is important.
While no modern browser—or any complex
application—is free of vulnerabilities, the
majority of the vulnerabilities for Microsoft Edge
have been responsibly reported by professional
security researchers who work with the
Microsoft Security Response Center (MSRC) and
the Microsoft Edge team to ensure customers are
protected well before any attacker might use
these vulnerabilities in the wild. Even better,
there is no evidence that any vulnerabilities have
been exploited in the wild as zero-day attacks.
However, many businesses worldwide have come under increasing threat of targeted attacks, where
attackers are crafting specialized attacks against a specific business, attempting to take control of
corporate networks and data.
Blocking all unwanted apps
Application Control is your best defense in a world where there are more than 300,000 new malware
samples each day. As part of Windows 10, Device Guard is a combination of enterprise-related hardware
and software security features that, when configured together, will lock a device down so that it can
only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it
can’t run, period.
With hardware that meets basic requirements, it also means that even if an attacker manages to get
control of the Windows kernel, he or she will be much less likely to be able to run malicious executable
code. With appropriate hardware, Device Guard can use the new virtualization-based security in
Windows 10 to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case,
the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
Device Guard protects against threats that can expose personal or sensitive data to attack, including:
• Exposure to new malware, for which the "signature" is not yet known
• Exposure to unsigned code (most malware is unsigned)
• Malware that gains access to the kernel and then, from within the kernel, captures sensitive
information or damages the system
• DMA-based attacks, for example, attacks launched from a malicious device that read secrets
from memory, making the enterprise more vulnerable to attack; and
• Exposure to boot kits or to a physically present attacker at boot time.
Threat Protection: Post-breach Detection and Response
The GDPR includes explicit requirements for breach notification where a personal data breach means,
“a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise
processed.”1
As noted in the Windows Security Center white paper, Post Breach: Dealing with Advanced Threats,
“Unlike pre-breach, post-breach assumes a breach has already occurred – acting as a flight recorder and
Crime Scene Investigator (CSI). Post-breach provides security teams the information and toolset needed
to identify, investigate, and respond to attacks that otherwise will stay undetected and below the radar.”
In this section, we will look at how Windows 10 can help you meet your GDPR breach notification
obligations. This starts with understanding the underlying threat data available to Microsoft that is
gathered and analyzed for your benefit and how, through Windows Defender Advanced Threat
Protection (ATP), that data can be critical to you.
Insightful security telemetry
For nearly two decades, Microsoft has been turning threats into useful intelligence that can help fortify
our platform and protect customers. Today, with the immense computing advantages afforded by the
cloud, we are finding new ways to use our rich analytics engines driven by threat intelligence to protect
our customers.
1 Reference: GDPR Regulation: Article 4 Definitions (12)
By applying a combination of automated and manual processes, machine learning and human experts,
we are able to create an Intelligent Security Graph that learns from itself and evolves in real-time,
reducing our collective time to detect and respond to new incidents across our products.
Microsoft Intelligent Security Graph: Our Unique Intelligence
The scope of Microsoft’s threat intelligence spans, literally, billions of data points: 35 billion messages
scanned monthly, 1 billion customers across enterprise and consumer segments accessing 200+ cloud
services, and 14 billion authentications performed daily. All this data is pulled together on your behalf by
Microsoft to create the Intelligent Security Graph that can help you protect your front door dynamically
to stay secure, remain productive, and meet the requirements of the GDPR.
Detecting attacks and forensic investigation
Even the best endpoint defenses may be breached eventually, as cyberattacks become more
sophisticated and targeted.
Windows Defender Advanced Threat Protection (ATP) helps you detect, investigate, and respond to
advanced attacks and data breaches on your networks. GDPR expects you to protect against attacks and
breaches through technical security measures to ensure the ongoing confidentiality, integrity, and
availability of personal data.
Among the key benefits of ATP are the following:
• Detecting the undetectable - sensors built deep into the operating system kernel, Windows
security experts, and unique optics from over 1 billion machines and signals across all Microsoft
services.
• Built in, not bolted on - agentless with high performance and low impact, cloud-powered; easy
management with no deployment.
• Single pane of glass for Windows security - explore 6 months of rich machine timeline that
unifies security events from Windows Defender ATP and Windows Defender Antivirus.
• Power of the Microsoft graph - leverages the Microsoft Intelligent Security Graph to integrate
detection and exploration with Office 365 ATP subscription, to track back and respond to
attacks.
Read more at https://blogs.microsoft.com/microsoftsecure/2017/03/13/whats-new-in-the-windows-defender-atp-creators-update-preview/
To provide Detection capabilities, Windows 10 improves our OS memory and kernel sensors to enable
detection of attackers who are employing in-memory and kernel-level attacks – shining a light into
previously dark spaces where attackers hid from conventional detection tools. We’ve already
successfully leveraged this new technology against zero-day attacks on Windows.
We continue to upgrade our detections of ransomware and other advanced attacks, applying our
behavioral and machine-learning detection library to counter changing attack trends. Our historical
detection capability ensures new detection rules apply to up to six months of stored data to detect
attacks that previously went unnoticed. Customers can also add customized detection rules or IOCs to
augment the detection dictionary.
Customers asked us for a single pane of glass across the entire Windows security stack. Windows
Defender Antivirus detections and Device Guard blocks are the first to surface in the Windows Defender
ATP portal interleaved with Windows Defender ATP detections. The new user entity adds identity as a
pivot, providing insight into actions, relationships, and alerts that span machines and allow us to track
attackers moving laterally across the network.
Our alert page now includes a new process tree visualization that aggregates multiple detections and
related events into a single view that helps security teams reduce the time to resolve cases by providing
the information required to understand and resolve incidents without leaving the alert page.
Security Operations (SecOps) can hunt for evidence of attacks, such as file names or hashes, IP
addresses or URLs, behaviors, machines, or users. They can do this immediately by searching the
organization’s cloud inventory, across all machines – and going back up to 6 months in time – even if
machines are offline, have been reimaged, or no longer exist.
When detecting an attack, security teams can now take immediate action: isolate machines, ban files
from the network, kill or quarantine running processes or files, or retrieve an investigation package from
a machine to provide forensic evidence – with a click of a button. Because while detecting advanced
attacks is important – shutting them down is even more so.
Identity Protection
Identity and access management is another area where the GDPR has placed special emphasis by calling
for mechanisms to grant and restrict access to data subject personal data (e.g., role-based access,
segregation of duties).
Multi-factor protection
Biometric authentication – using your face, iris, or fingerprint to unlock your devices – is much safer
than traditional passwords. You – uniquely you – plus your device are the keys to your apps, data and
even websites and services – not a random assortment of letters and numbers that are easily forgotten,
hacked, or written down and pinned to a bulletin board.
Your ability to protect personal and sensitive data that may be stored or accessed through desktops or
laptops will be further enhanced by adopting advanced authentication capabilities such as Windows
Hello and Windows Hello Companions. Windows Hello, part of Windows 10, gives users a personal,
secured experience where the device is authenticated based on their presence. Users can log in with a
look or a touch, with no need for a password.
In conjunction with Windows Hello, biometric authentication uses fingerprints or facial recognition and
is more secure, more personal, and more convenient. If an application supports Hello, Windows 10
enables you to authenticate applications, enterprise content, and even certain online experiences
without a password being stored on your device or in a network server at all.
Windows Hello works with the Companion Device Framework to enhance the user authentication
experience. Using the Windows Hello companion device framework, a companion device can provide a
rich experience for Windows Hello even when biometrics are not available (e.g., if the Windows 10
desktop lacks a camera for face authentication or a fingerprint reader device).
There are numerous ways one can use the Windows Hello companion device framework to build a great
Windows unlock experience with a companion device. For example, users could:
• Work offline (e.g., while traveling on a plane)
• Attach their companion device to their PC via USB, touch the button on the companion device, and
automatically unlock their PC.
• Carry a phone in their pocket that is already paired with their PC over Bluetooth. Upon hitting
the spacebar on their PC, their phone receives a notification. Approve it and the PC simply
unlocks.
• Tap their companion device to an NFC reader to quickly unlock their PC.
• Wear a fitness band that has already authenticated the wearer. Upon approaching their PC, and by
performing a special gesture (like clapping), the PC unlocks.
Protection against attacks by isolating user credentials
As noted in the Windows 10 Credential Theft Mitigation Guide, “the tools and techniques criminals use
to carry out credential theft and reuse attacks improve, malicious attackers are finding it easier to
achieve their goals. Credential theft often relies on operational practices or user credential exposure, so
effective mitigations require a holistic approach that addresses people, processes, and technology. In
addition, these attacks rely on the attacker stealing credentials after compromising a system to expand
or persist access, so organizations must contain breaches rapidly by implementing strategies that
prevent attackers from moving freely and undetected in a compromised network.”
An important design consideration for Windows 10 was mitigating credential theft—in particular,
derived credentials. Credential Guard provides significantly improved security against derived credential
theft and reuse by implementing a significant architectural change in Windows designed to help
eliminate hardware-based isolation attacks rather than simply trying to defend against them.
When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected
using virtualization-based security, the credential theft attack techniques and tools used in many
targeted attacks are blocked. Malware running in the operating system with administrative privileges
cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a
powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should
also incorporate Device Guard, as described above, and other security strategies and architectures.
Information Protection
The GDPR is focused on information protection regarding data that is considered as personal or sensitive
in relation to a natural person, or data subject. Device protection, protection against threats, and
identity protection are all important elements of a Defense in Depth strategy surrounding a layer of
information protection in your laptop and desktop systems.
As to the protection of data, the GDPR recognizes that in assessing data security risk, consideration
should be given to the risks that are presented such as accidental loss, unauthorized disclosure of,
or access to, personal data transmitted, stored or otherwise processed. It also recommends that
measures taken to maintain an appropriate level of security should consider the state-of-the-art
and the costs of implementation in relation to the risks among other factors.
Windows 10 provides built-in risk mitigation capabilities for today’s threat landscape. In this section,
we will look at the types of technologies that will help your journey toward GDPR compliance and at
the same time provide you with solid overall data protection as part of a comprehensive
information protection strategy.
A Comprehensive Information Protection Strategy
Encryption for lost or stolen devices
The GDPR calls for mechanisms that implement appropriate technical security measures to confirm the
ongoing confidentiality, integrity, and availability of both personal data and processing systems.
BitLocker Drive Encryption, first introduced as part of Microsoft's Next-Generation Secure Computing
Base architecture in 2004 and made available with Windows Vista, is a built-in data protection feature
that integrates with the operating system and addresses the threats of data theft or exposure from lost,
stolen, or inappropriately decommissioned computers.
BitLocker provides the most protection when used with a Trusted Platform Module (TPM) version 1.2 or
later. The TPM is a hardware component installed in many newer computers by the computer
manufacturers. It works with BitLocker to protect user data and to ensure that a computer has not been
tampered with while the system was offline.
Data on a lost or stolen computer is vulnerable to unauthorized access, either by running a software-
attack tool against it or by transferring the computer's hard disk to a different computer. BitLocker helps
mitigate unauthorized data access by enhancing file and system protections. BitLocker also helps render
data inaccessible when BitLocker-protected computers are decommissioned or recycled.
Related to BitLocker are Encrypted Hard Drives, a new class of hard drives that are self-encrypting at a
hardware level and allow for full disk hardware encryption. Encrypted Hard Drives use the rapid
encryption that is provided by BitLocker Drive Encryption to enhance data security and management.
By offloading the cryptographic operations to hardware, Encrypted Hard Drives increase BitLocker
performance and reduce CPU usage and power consumption. Because Encrypted Hard Drives encrypt
data quickly, enterprise devices can expand BitLocker deployment with minimal impact on productivity.
Some of the benefits of Encrypted Hard Drives include:
• Better performance: Encryption hardware, integrated into the drive controller, allows the drive
to operate at full data rate with no performance degradation.
• Strong security based in hardware: Encryption is always "on" and the keys for encryption never
leave the hard drive. User authentication is performed by the drive before it will unlock,
independently of the operating system.
• Ease of use: Encryption is transparent to the user because it is on by default. There is no user
interaction needed to enable encryption. Encrypted Hard Drives are easily erased using the
on-board encryption key; there is no need to re-encrypt data on the drive.
• Lower cost of ownership: There is no need for new infrastructure to manage encryption keys,
since BitLocker leverages your Active Directory Domain Services infrastructure to store recovery
information. Your device operates more efficiently because processor cycles do not need to be
used for the encryption process.
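A local audit of the BitLocker properties described above (TPM version 1.2 or later, encryption and protection state, hardware encryption, and a recovery password available for storage in AD DS), as an added example that is not part of the original guide. The function name Get-BitLockerPosture and the output column names are assumptions chosen for illustration; the cmdlets and WMI class are the built-in Windows ones.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker posture for every volume on this machine.
# Read-only; it changes no BitLocker or TPM configuration.

function Get-BitLockerPosture {
    # TPM presence/readiness from the TrustedPlatformModule module.
    $tpm = Get-Tpm

    # Win32_Tpm.SpecVersion looks like "2.0, 0, 1.38"; the first field is the
    # TPM specification version. The class is absent when no TPM is exposed.
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    $tpmVersion = $null
    if ($tpmWmi -and $tpmWmi.SpecVersion) {
        $tpmVersion = (($tpmWmi.SpecVersion -split ',')[0].Trim()) -as [version]
    }
    # $null compares as "not greater or equal", so a missing TPM fails the check.
    $tpmOk = $tpm.TpmPresent -and $tpm.TpmReady -and ($tpmVersion -ge [version]'1.2')

    foreach ($vol in Get-BitLockerVolume) {
        # Names of the key protectors on this volume, e.g. Tpm, TpmPin, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        [pscustomobject]@{
            MountPoint        = $vol.MountPoint
            VolumeType        = $vol.VolumeType
            FullyEncrypted    = $vol.VolumeStatus -eq 'FullyEncrypted'
            ProtectionOn      = $vol.ProtectionStatus -eq 'On'
            EncryptionMethod  = $vol.EncryptionMethod
            # True when an Encrypted Hard Drive performs the encryption in hardware.
            HardwareEncrypted = $vol.EncryptionMethod -eq 'HardwareEncryption'
            # Any TPM-based protector (Tpm, TpmPin, TpmStartupKey, ...).
            TpmProtector      = [bool]($types -match '^Tpm')
            # A recovery password must exist before it can be stored in AD DS.
            RecoveryPassword  = $types -contains 'RecoveryPassword'
            TpmMeetsMinimum   = $tpmOk
        }
    }
}

# Volumes that fall short of the posture the guide describes are listed first.
Get-BitLockerPosture |
    Sort-Object FullyEncrypted, ProtectionOn, TpmProtector |
    Format-Table -AutoSize
```

The script only confirms that a recovery password protector exists locally; whether it has been escrowed to AD DS has to be checked in the directory, and Backup-BitLockerKeyProtector is the built-in cmdlet that performs that escrow.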
Preventing accidental data leaks to unauthorized users
Part of the reality of operating in a mobile-first, cloud-first world is that some laptops
will have multiple purposes, both business and personal. Yet data that is considered personal
and sensitive regarding EU residents, who are considered “data subjects”, must be protected in
line with the requirements of the GDPR.
Windows Information Protection helps people separate their work and personal data and keeps data
encrypted wherever it’s stored. Your employees can safely use both work and personal data on the
same device without switching applications. Windows Information Protection helps end users avoid
inadvertent data leaks by sending a warning when copy/pasting information in non-corporate
applications – end users can still proceed but the action will be logged centrally.
For example, employees can’t send protected work files from a personal email account instead of their
work account. They also can’t accidentally post personal or sensitive data from a corporate site into a
tweet. Windows Information Protection also helps ensure that they aren’t saving personal or sensitive
data in a public cloud storage location.
Capabilities to classify, assign permissions and share data
Windows Information Protection is designed to coexist with advanced data loss prevention (DLP)
capabilities found in Office 365 ProPlus, Azure Information Protection, and Azure Rights Management.
Advanced DLP prevents printing, for example, or protects work data that is emailed outside your
company.
To protect data at all times, regardless of where it is stored, with whom it is shared, or if the device is
running iOS, Android or Windows, the classification and protection needs to be built into the file itself so
this protection can travel with the data wherever it goes. Microsoft Azure Information Protection (AIP)
is designed to provide this persistent data protection both on-premises and in the cloud.
Data classification is an important part of any data governance plan. Adopting a classification scheme
that applies throughout your business can be particularly helpful in responding to what the GDPR calls
data subject (i.e., your EU employee or customer) requests, because it enables enterprises to more
readily identify and process personal data requests.
Azure Information Protection can be used to help you classify and label your data at the time of creation
or modification. Protection in the form of encryption, which the GDPR recognizes may be appropriate at
times, or visual markings can then be applied to data needing protection.
With Azure Information Protection, you can either query for data marked with a sensitivity label or
intelligently identify sensitive data when a file or email is created or modified. Once identified, you can
automatically classify and label the data – all based on the company’s desired policy.
Azure Information Protection also helps your users share sensitive data in a secure manner. In the
example below, information about a sensitive acquisition was encrypted and restricted to a group of
people who were granted only a limited set of permissions on the information – they could modify the
content but could not copy or print it.
Windows 10 Resources To Help You Meet The GDPR
• Windows 10 Security Guide: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/windows-10-security-guide
• Windows Hello: https://www.youtube.com/watch?v=WOvoXQdj-9E
• Windows Defender Antivirus: https://www.youtube.com/watch?v=P1aNEy09NaI
• Windows Defender Advanced Threat Protection: https://www.youtube.com/watch?v=qxeGa3pxIwg
• Device Guard: https://www.youtube.com/watch?v=F-pTkesjkhI
• Credential Guard: https://www.youtube.com/watch?v=F-pTkesjkhI
• Windows Information Protection: https://www.youtube.com/watch?v=wLkQOmK7-Jg