Book a free consultation call with an expert today!

Microsoft’s commitment to GDPR

By virtuoso


May 8, 2022

Today (Friday 25th May), is the day when the European Union’s General Data Protection Regulation — better known as GDPR — officially takes effect. Its effects have been far reaching and you’ve no doubt been bombarded with emails from services and products you use or own because of it.

But what are the benefits? GDPR is an important step forward for privacy rights in Europe and around the world, and Microsoft have been enthusiastic supporters of GDPR since it was first proposed in 2012. It sets a strong standard for privacy and data protection by empowering people to control their personal information. Microsoft have been a key player in working to achieve its aims and are one of a small number of companies participating in the official events in Brussels.

Microsoft have been vocal in expressing their opinion that privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.

Privacy is also the foundation for trust. We know that people will only use technology that they trust. Ultimately, trust is created when people are confident that their personal data is safe and they have a clear understanding of how and why it is used. This means companies like Microsoft have a huge responsibility to safeguard the privacy of the personal data we collect and the data we manage for our commercial customers.

Microsoft’s commitment to GDPR compliance

Microsoft are committed to making sure that their products and services comply with GDPR. They are proud to boast that they’ve had more than 1,600 engineers across the company working on GDPR projects. Since its enactment in 2016, Microsoft have made significant investments to redesign their tools, systems and processes to meet the requirements of GDPR. Today, GDPR compliance is deeply ingrained in their culture and embedded in the processes and practices that are at the heart of how they build and deliver products and services.

May 25 isn’t the end of their work though. Instead, it is the beginning of the next phase of their focus on GDPR. The complex regulatory framework is as new to privacy regulators as it is to Microsoft so the ongoing interpretation of the details of this regulation will determine the steps that they take to maintain compliance. As customers use Microsoft tools and experience other features they have also stated they will listen to feedback and suggestions for improvements. Because regulatory interpretations change with experience and changing circumstances over time, they will constantly evaluate their products, services and data uses as understanding of GDPR evolves.

Updating the privacy statement for our consumer services

Microsoft have also published an updated privacy statement governing their consumer products and services. The new privacy statement reflects the decision to extend key rights under GDPR to consumers around the world. It also incorporates more specific information and changes related to GDPR. But perhaps most importantly, it is designed to be clearer and more transparent. You can read the new privacy statement here. And you can find out what’s new in the privacy statement here.

Helping businesses and organisations with their own GDPR compliance obligations

A lot of the focus on GDPR during the past year has been on how large technology companies are ensuring that the products and services that they provide comply with the obligations that go into effect on May 25. This is of course important but Microsoft is committed to helping other businesses and organisations succeed. They create the technology and tools that others use to transform their own businesses and drive success. They succeed only when their customers succeed. Therefore, an especially important part of our GDPR effort has been the work to develop tools, best practices and guidance to enable enterprise customers to prepare for implementation of GDPR.

As GDPR goes into effect, one of the most important goals is to help businesses become trusted stewards of their customers’ data. This is why Microsoft offer a robust set of tools and services for GDPR compliance that are backed up by contractual commitments.

For most companies, it will simply be more efficient and less expensive to host their data in the Microsoft Cloud where their customers’ data is protected and GDPR compliance is maintained.

Virtuoso are deeply embedded in the Microsoft technology ecosystem, but of course GDPR is about more than Microsoft or even technology per se. Even with a committed effort and the right tools data breaches will happen and Article 33 of the GDPR is clear, in the event of a breach “…the controller shall…not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authorities.”

But the reality may be different. At a recent GDPR summit, Ardi Kolah, privacy expert and Director at the GDPR Transition Programme at Henley Business School pointed out that, “There is a gulf between what GDPR expects and the current reality… research has found the average length of time it takes an organisation to discover they have a data breach is 128 days.” As Anthony Lee, a Partner at DMH Stallard who specialises in IT and data privacy, said at the same conference, ”don’t write a plan in the middle of a crisis”.

The gap in reporting, along with all the other challenges of the GDPR, are much easier to meet within the Microsoft Cloud. Virtuoso can help you get there.

Learn more at: