Microsoft – GDPR Project Management
Speaker: Cathal McDermott, Privacy Attorney - Privacy and Regulatory Affairs, Microsoft
“Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance. And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world.” –Brad Smith, President & Chief Legal Officer, Microsoft Corporation
Microsoft Privacy Principles
GDPR OVERVIEW
Personal privacy. Individuals have the right to:
• Access their personal data
• Correct errors in their personal data
• Erase their personal data
• Object to processing of their personal data
• Export personal data
Controls and notifications. Organizations will need to:
• Protect personal data using appropriate security
• Notify authorities of personal data breaches
• Obtain appropriate consents for processing data
• Keep records detailing data processing
Transparent policies. Organizations are required to:
• Provide clear notice of data collection
• Define processing purposes, lawful basis for processing, and use cases
• Define data retention and deletion policies
IT and training. Organizations will need to:
• Train privacy personnel & employees
• Audit and update data policies
• Employ a Data Protection Officer (if required)
• Create & manage compliant vendor contracts
Project Framework for GDPR Compliance
• Assessing and managing our compliance risk
• Protecting and securing our personal data
• Streamlining our processes
https://www.microsoft.com/en-us/trustcenter/Privacy/GDPR
Assessing and managing our compliance risk
Extensive personal data store inventorying, data protection impact assessments and privacy reviews, and processes for the monitoring, measurement, and enforcement of privacy compliance
Protecting and securing personal data
Through built-in, intelligent security capabilities that work together to more effectively secure personal data (including employee data)
Streamlining our processes
Empower our consumer users to access and manage their data, help our commercial customers meet their own compliance obligations, and train our employees, partners, and vendors on privacy readiness.
Microsoft Privacy
Next Generation Privacy
Next Generation Privacy
• Companywide initiative called Next Generation Privacy (NGP)
• Comprehensive framework that includes policies, processes, technical infrastructure, and customer experiences to address privacy at all levels of our organization and deliver the standardisation needed for compliance
• Accountable executives in each of our engineering, business, and specialised organisations that are responsible for GDPR compliance in their group
“Our legal team engaged in routine “office hours” to support engineering and compliance teams in addressing complex interpretation questions. Answers to these questions were catalogued for use by other teams and to ensure consistency of application.” –John Payseno, Assistant General Counsel, Microsoft
Privacy Engineering - Next Generation Approach
Business Implementation Requirements Documents (BIRDs)
Investing in technology to scale and drive consistency