The European Union is looking to implement a reform of its data protection rules, which will apply starting May 25, 2018. The GDPR (General Data Protection Regulation) is “an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the Digital Single Market.”
In a post from its On The Issues blog, Microsoft’s Chief Privacy Officer, Brendon Lynch states that the GDPR “is the most significant change to European Union (EU) privacy law in two decades.” Emphasis is put on the company’s commitment to the compliance with this new law across all its cloud services when enforcement begins in May of next year.
The CPO makes it clear that clients will be able to use Microsoft’s cloud services to fulfill their GDPR obligations regarding “deletion, rectification, transfer of, access to and objection to processing of personal data”, as well as the fact that the software giant’s journey towards GDPR compliance will be documented and shared with its clients. These commitments will be reflected in the updated cloud services licensing agreements, starting March, 2017.
According to mr. Lynch, Microsoft was the first service provider to achieve compliance with the ISO 27018 cloud privacy standard, has the most comprehensive set of compliance offerings, over 100 datacenters, and invests over $1 billion annually in security.
Nestled within all these points is the tiny matter of consequences for failure to comply with this law. Companies that fail to comply with the GDPR face substantial fines of up to 20 million Euros or 4% of annual worldwide turnover, whichever is higher.
The Regulation will apply starting May 25, 2018 onwards, with EU member states having to transpose it into their national law by May 6, 2018.
Source: Microsoft On The Issues