Microsoft is the latest global-scale cloud provider to recently tout the steps it is taking to comply with the European Union's (EU) General Data Protection Regulation (GDPR).
The stringent privacy regulation is primarily focused on protecting the personal identifiable information of users, explained David Jones, senior vice president of the Security and Information Governance Business Unit at Hewlett Packard Enterprise, in a recent eWEEK interview. Approved by the EU's parliament in April 2016, GDPR can mean big fines for organizations that fail to comply when enforcement actions go into effect on May 25, 2018.
Julia White, corporate vice president of Microsoft Azure and Security, detailed some of the ways her company is getting ready for the looming deadline and helping cloud customers do the same in a blog post. And the industry looks like it could use a nudge.
Half of all organizations won't be CGPR-compliant a year from now when the regulation take effect, she wrote, citing a forecast from technology research firm Gartner. The regulation encompasses about 160 requirements, including a 72-hour notification in the event of a personal data breach along with conditions on how personal data is collected, stored and used.
To aid the company's cloud customers with their own compliance efforts, White announced a new dashboard that offers users an at-a-glance accounting of how their Azure and Office 365 environments stack up. She announced that "later this year we plan to release a new dashboard that provides a quantitative assessment to help identify where you are in your journey to GDPR compliance."
The Risk and Compliance Dashboard borrows its look and feel from other Microsoft's offerings like Power BI that help users quickly digest metrics and track their progress. "This upcoming release builds on the foundation of Office 365 Secure Score, launched earlier this year, to provide you greater clarity on your path toward GDPR compliance." Secure Score is an analytics tool that applies a score, similar to a consumer credit score, to a customer organization's Office 365 security configuration along with a Score Analyzer that tracks the score over time.
For its part, Microsoft has committed to making several of its cloud-based offerings GDPR compliant by the deadline. These include Azure as well as its cloud data services suite, Dynamics 365, Enterprise Mobility and Security, the cloud-connected components in the Windows 10 operating system, and Office 365.
Meanwhile, other tech titans are bolstering their own GDPR compliance efforts.
IBM's Resilient Incident Response Platform, which the company acquired last year, is gaining new GDPR-specific capabilities, including a privacy module, incident simulator and a preparatory guide. For organizations coming to grips with GDPR, Ted Julian, vice president of product management and co-founder of IBM Resilient, recommends running a simulation at least once each quarter to expose gaps and build a familiarity with the regulation.
Earlier this month, Google reiterated its commitment to the GDPR. Both the Google Cloud Platform and G Suite, a collection of productivity and collaboration apps, are certified under Privacy Shield, verifying their adherence to the GDPR's privacy and security standards.