After months of waiting, Microsoft's cloud customers can finally start evaluating Microsoft's GDPR compliance management dashboard for a spin.
GDPR, or the EU's General Data Protection Regulation, goes into effect on May 25, 2018. As the date approaches, companies that do business in Europe are assessing how well or poorly their IT resources and processes adhere to the stringent data privacy regulation, which calls for stiff financial penalties for organizations that mishandle personally identifiable information of up to four percent of a company's global revenue.
In May, Microsoft teased the fall release of a tool, officially named Compliance Manager, that would help customers of the company's cloud products, including Office 365 and suite of Azure services, see how their implementations stand up to GDPR and other regulations. As promised, Microsoft released the Compliance Manager preview landed on Nov. 16.
Although regulatory compliance is often viewed as a necessary yet burdensome part of doing business in many industries, Microsoft takes a different view. Alym Rayani, product management lead at Microsoft Office 365 Security, Compliance and Analytics, said the software giant considers "compliance as an enabler of digital transformation," during a demonstration of the dashboard. Microsoft views regulations and efforts involving compliance as an ongoing "strategic opportunity, not a one-time event," he said.
It's a view that was influenced by Microsoft's own experiences running a multinational corporation that operates in various geographies and industries while embarking on a cloud-first transformation of its own. Now, the company is turning its attention to its business customers. "We're committed to helping customers with their GDPR compliance when they use our cloud services," Rayani said.
Compliance Manager displays an at-a-glance summary of an organization's compliance posture as it relates to Microsoft services (Office 365, Dynamics 365, etc.) and the regulation frameworks it must adhere to.
In addition to reporting and risk assessment tools, the dashboard contains recommendations and advice on implementing the appropriate controls and business processes, along with management tools that compliance officers can use to assign compliance-related tasks to users and track their progress.
General availability is scheduled for 2018. In the meantime, Microsoft is working on adding more GDPR content before the regulation goes into effect and expanding Compliance Manager's catalog of regulatory standards to include National Institute of Standards and Technology (NIST) Special Publication 800-53, among others, according to this Nov. 16 announcement. A video of the tool in action is available here.
For Microsoft, a focus on regulatory compliance is also an opportunity to grow its cloud business.
The company recently sponsored a survey of 1,542 IT decision makers in the U.S. and Europe. The results, compiled by YouGov, show that regulatory compliance can help nudge enterprises onto a cloud migration path.
"Of those surveyed, 41 percent said they are likely to move more of their company's infrastructure to the cloud to become compliant," blogged Ron Markezich, corporate vice president of marketing at Microsoft Office 365. "All told, 92 percent of IT decision makers in companies that store data primarily in the cloud identified as being confident in their GDPR readiness, compared with just 65 percent of those who prefer to store data on-premises."