In this short presentation, I hope to bring better awareness of how Microsoft 365 and Office can work really well together to help you deal with GDPR

1. #AllAccessIT
#AllAccessIT
Tackling GDPR with Microsoft
365 and Office 365
Andrew Bettany, MVP, Author

2. #AllAccessIT#AllAccessIT
Live life without regret, believe in your potential, don’t stop!
Andrew Bettany
• IT Masterclasses Ltd – bespoke technical training
• Microsoft Most Valuable Professional since 2012
• Windows User Group
• Microsoft Press Windows Author
• Freelance Trainer / Course Author
• Microsoft Learning Regional Lead for UK
• LinkedIn & Pluralsight Video Author
Specialties: Microsoft 365 | Windows Client | Windows Server | Deployment
andrew@itmasterclasses.com @andrew_bettany

3. Providing clarity and consistency for the
protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations in the European
Union (EU) and those that offer goods
and services to people in the EU, or that
collect and analyze data tied to EU
residents, no matter where they are
located.

4. Providing clarity and consistency for the
protection of personal data
Enhanced personal privacy rights
Increased duty for protecting data
Mandatory breach reporting
Significant penalties for non-compliance
The General Data Protection
Regulation (GDPR) imposes new
rules on organizations in the European
Union (EU) and those that offer goods
and services to people in the EU, or that
collect and analyze data tied to EU
residents, no matter where they are
located.

5. #AllAccessIT

6. #AllAccessIT
m

7. Providing clarity and consistency for the
protection of personal data
BREXIT has no impact on GDPR
Information Commissioner will be
the authority in charge in the UK
May 2018 GDPR becomes effective
Data Protection Bill will replace the
Data Protection Act 1998GDPR has direct effect across
all EU member states
UK Data Protection Bill
implements the General Data
Protection Regulation plus
additional National Security
provisions

8. Personal data
Any information related to an
identified or identifiable natural
person including direct and
indirect identification.
Examples include:
• Name
• Identification number (e.g., N.I
numbers)
• Location data (e.g., home
address)
• Online identifier (e.g., e-mail
address, screen names, IP
addresses, device IDs)
How GDPR defines
personal data

9. Sensitive personal data
Personal data afforded enhanced
protections:
• Genetic data (e.g., an individual’s gene
sequence)
• Biometric Data (e.g., fingerprints, facial
recognition, retinal scans)
• Sub categories of personal data
including:
• Racial or ethnic origin
• Political opinions, religious or
philosophical beliefs
• Trade union membership
• Data concerning health
• Data concerning a person’s sex life or
sexual orientation
How GDPR defines
personal data

10. Key changes needed to address GDPR?
Personal
privacy
Controls and
notifications
Transparent
policies
IT and training
Organizations will need to:
• Train privacy personnel
& employee
• Audit and update data
policies
• Employ a Data
Protection Officer (if
required)
• Create & manage
compliant vendor
contracts
Organizations will need to:
• Protect personal data
using appropriate security
• Notify authorities of
personal data breaches
• Obtain appropriate
consents for processing
data
• Keep records detailing
data processing
Individuals have the right to:
• Access their personal
data
• Correct errors in their
personal data
• Erase their personal data
• Object to processing of
their personal data
• Export personal data
Organizations are required
to:
• Provide clear notice of
data collection
• Outline processing
purposes and use cases
• Define data retention
and deletion policies

11. Protecting customer
privacy with GDPR
Improved data policies to provide
control to data subjects and ensure
lawful processing
Stricter control on
where personal data
is stored and how it is
used
Better data
governance
tools for better
transparency,
recordkeeping and
reporting
What does this mean for my data?

12. GDPR Compliance
• Data Classification
and Labeling
• Data Protection
• Data Retention
• Audit
• Disposal
• User and
Device
Protection

13. Classification and labelling
Discover personal data and apply persistent labels
Labels are persistent and
readable by other systems
e.g. DLP engine
Labels are metadata
written to data
Sensitive data is
automatically detected

14. Information Protection is ALL about Labelling
Payroll
No Personal
Identifiable
Information
Consumer
Do not delete
Ex Employee
Contains PII
Employee
Bank Details

15. #AllAccessIT#AllAccessIT
Azure Information Protection
Demo
Andrew Bettany

16. PCs, tablets, mobile
Office 365 Data Loss PreventionWindows Information Protection
& BitLocker for Windows 10
Azure Information Protection
Exchange Online,
SharePoint Online,
Skype for Business &
OneDrive for Business
Highly
regulated
Microsoft Intune MDM & MAM
for Windows, iOS & Android Microsoft Cloud App Security
Office 365 Advanced Data Governance
Azure
Information
Protection
Comprehensive protection of sensitive data across devices, cloud services, and on-premises
Windows 10 Office 365 EM+S & Cloud
Services
Advanced Device
Management

17. #AllAccessIT
Microsoft 365 Business
Microsoft 365 Education
Microsoft 365 Enterprise
*Offered on a per user/per month

18. Microsoft 365 Business
Security & Compliance Controls
• The most secure and up-to-date version of Office & Windows
• Threat Protection (Virus, Malware) for emails
• Malware and Spyware Detection and Removal
• Virus Detection and Removal, Boot Time Protection
• Data Always encrypted on devices
• 2 Factor authentication needed to access data on PC/Mobile
• Protect data on Mobile Devices (Copy/Paste/Save operations)
• Benchmark your controls with Secure Score
• Gain visibility with the Security & Compliance Center

19. Microsoft 365 Business
Office 365 Business Premium
Windows 10 Pro
EM+S*
* Limited Intune and Azure AD
Premium features
Microsoft 365 Business
£15.10 per user/per
month
(Compared to
Office 365 Business Premium
£9.40 per user/per month)
Small to mid-size
businesses for up to 300

20. Microsoft 365 Enterprise E3
Identity, Information & Device Protection
• Classification and Labeling
• Multi-Factor Authentication
• Message Encryption and Rights Management
• Tracking, Reporting, and Revoking Privileges
• Advanced Threat Protection: Safe Links, Safe Attachments
• Cloud App Security

21. Microsoft 365
Enterprise E3
Office 365 Enterprise E3*
Windows 10 Enterprise E3
EM+S E3
* + On-premises server rights
for SharePoint, Exchange, Skype
for Business
Microsoft 365
Enterprise E3
£28.00 per user/per
month

22. Microsoft 365 Enterprise E5
Advanced Compliance & Protection
• Automatically classify, protect & preserve sensitive data
• Shadow IT Detection with Microsoft Cloud App Security
• Real Time Risk based access to corporate network
• Anomalous Attack Detection and Reporting
• Single Sign On to 2700+ non-Microsoft Cloud Apps
• Additional customer access controls for Microsoft support
• Windows Defender Advanced Threat Protection

23. Microsoft 365
Enterprise E5
Office 365 Enterprise E5*
Windows 10 Enterprise E5
EM+S E5
Microsoft 365
Enterprise E5
£51.90 per user/per
month
* + On-premises server rights
for SharePoint, Exchange, Skype
for Business

24. Microsoft Cloud App Security
Discover and
assess risks
Control access
in real time
Detect
threats
Protect your
information
Identify cloud apps on your
network, gain visibility into
shadow IT, and get risk
assessments and ongoing
analytics
Manage and limit cloud
app access based on
conditions and session
context, including user
identity, device, and
location
Identify high-risk usage
and detect unusual
behavior using Microsoft
threat intelligence and
research
Get granular control over
data and use built-in or
custom policies for data
sharing and data loss
prevention

25. #AllAccessIT#AllAccessIT
Cloud App Security
Demo
Andrew Bettany

26. Microsoft 365 Enterprise Technology Benefit E3 E5
Azure Active Directory
Premium P1
Secure single sign-on to cloud and on-premises app
MFA, conditional access, and advanced security
reporting
● ●
Azure Active Directory
Premium P2
Identity and access management with advanced
protection for users and privileged identities ●
Microsoft Intune
Mobile device and app management to protect
corporate apps and data on any device ● ●
Azure Information
Protection P1
Encryption for all files and storage locations
Cloud-based file tracking
● ●
Azure Information
Protection P2
Intelligent classification and encryption for files
shared inside and outside your organization ●
Microsoft Cloud App
Security
Enterprise-grade visibility, control, and protection
for your cloud applications ●
Microsoft Advanced
Threat Analytics
Protection from advanced targeted attacks
leveraging user and entity behavioral analytics ● ●
Identity and
access
management
Managed mobile
productivity
Information
protection
Threat Detection

27. #AllAccessIT#AllAccessIT
Resources
https://www.microsoft.com/TrustCenter/Privacy/gdpr/default.aspx
https://www.microsoft.com/microsoft-365/business
https://docs.microsoft.com/microsoft-365/business
https://www.microsoft.com/microsoft-365/enterprise
https://www.microsoft.com/cloud-platform/enterprise-mobility-security
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr

28. Contact info@itmasterclasses.com to discuss:
• Microsoft 365 Technical Training
• GDPR awareness training