The detailed GDPR evaluation tool from Microsoft can help partner organizations determine what their customers need to be prepared before the European Union's data privacy regulation comes into force.
Time is running out for companies that are preparing for the General Regulation of Data Protection of the European Union. The GDPR rules will not only have a major impact on the way organizations conduct business in Europe, but also how they manage and secure their IT systems, cloud services and storage architectures.
Microsoft wants to lend a hand with a tool that can help partner organizations get their customers ready for GDPR.
GDPR is a set of strict privacy and data security rules that apply to organizations doing business in Europe, even if they are based elsewhere. Fines can reach up to four percent of a company's global revenues if it mishandles the personal identification information of users in the region.
Established to take effect on May 25, 2018, organizations have only a few months to have their systems, services and data management processes and IT for GDPR ready. Microsoft already offers its cloud customers a GDPR compliance management dashboard that they can use to evaluate how their configurations stack up.
Now the company's extensive network of partners can also help its clients prepare for DGPR.
Partner organizations can now use the Microsoft GDPR Detailed Assessment, which is available through the Microsoft Partner Network, to help assess how customers will fare under the new regime.
"The tool provides an in-depth analysis of an organization's preparedness and offers a practical guide on how to prepare for compliance, including how Microsoft's products and features can help simplify the journey," explained Daniel Grabski, executive safety advisor in Microsoft Enterprise Cybersecurity Group, in a blog post
"The detailed evaluation of Microsoft GDPR is intended to be used by Microsoft partners that help customers assess where they are on their way to GDPR preparation." GDPR's detailed evaluation is accompanied by support materials to help our partners to facilitate customer evaluations. " the Microsoft executive.
The software giant warns that although it offers critical information, the tool is not intended to be used as a GDPR compliance certification system. Clients are ultimately responsible for their own GDPR compliance initiatives, ideally under the guidance of their compliance and legal teams, Grabski said.
Microsoft estimates that users will face a process of partner participation that will last three to four weeks. Completing the process takes approximately 10 to 20 hours of practical work, depending on the number of participants involved and the complexity of the client's organization, Grabski added.
There are other Microsoft tools that customers can use to prepare for GDPR.
On November 26, Microsoft released a preliminary version of its Compliance Manager system. Organizations can use the tool to see how their product deployments in the Microsoft cloud, including Office 365 and Azure cloud computing services, resist GDPR and other regulatory schemes.
A fully compliant general availability version is planned for 2018. Meanwhile, Microsoft is busy adding more GDPR content, along with additional regulatory standards, including Special Publication 800-53 of the National Institute of Standards and Technology (NIST), a set of security and privacy controls for critical infrastructure organizations and federal government agencies.
