GDPR and Retail: Four GDPR requirements and how Microsoft can help

Learn how we can help you meet GDPR requirements with solutions available today:

Assessing your current risk profile

“How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions from retailers in regard to the GDPR. It’s also one of the hardest to answer because every retailer is different. Fortunately, our new Compliance Manager solution can help. Compliance Manager enables you to conduct real-time risk assessment, providing one intelligent score that reflects your compliance performance against data protection regulatory requirements when using Microsoft cloud services. You will also be able to use the built-in control management and audit-ready reporting tools to improve and monitor your compliance posture. You can sign up for the preview program now.

Complying with the new consent requirements

GDPR sets a high bar for consent by stating that consent must be “freely given, specific, informed, and unambiguous.” Retailers will need to be able trace back how and when they obtained consent for personal data collection and processing. The intelligent classification, labeling, and protection capabilities found in our solutions Microsoft Azure Data Catalog, Office 365 Advanced Data Governance, and Office 365 eDiscovery will help you recognize the date types being collected, record what permissions the customer granted, and classify data accordingly.

Meeting data breach and protection obligations

As most of us are well aware due to the significant penalties for non-compliance, the GDPR introduces new obligations for data protection, increased accountability, and mandatory breach reporting. The good news is that compliance with these requirements will not only help current and future customers, but also your business. As the number and sophistication of cyberattacks increases, it becomes more urgent to protect your most important data with cutting-edge security capabilities. To better protect against threats, we built the Intelligent Security Graph, which links together security, business, and operational signals from across our commercial and consumer services to build richer threat context. This security intelligence enables solutions like Office 365 Advanced Threat Protection, Windows Defender Advanced Threat Protection, and Azure Active Directory to take action and bring in unified preventative measures that improve the efficiency of protecting, detecting, and responding to security incidents.

Responding to data subject requests

Retailers have increased obligations under the GDPR to comply with customers’ requests to access and correct errors in their personal data, erase data about them in certain instances, and object to processing of their personal data for particular purposes. Office 365 eDiscovery can help by making it easy to search for the personal data related to data subjects. And with our recent feature release, Office 365 Advanced eDiscovery can now analyze non-Office 365 data. Having one eDiscovery workflow for both Office 365 and non-Office 365 data will help you respond to data subject requests more efficiently and effectively.

This article first appeared on enterprise.microsoft.com.