Time is running out for businesses preparing for the European Union's General Data Protection Regulation. The GDPR rules will not only have a big impact on how organizations conduct business in Europe, but also on how they manage and secure their IT systems, cloud services and storage architectures.
Microsoft wants to lend a hand with a tool that can help partner organizations get their customers GDPR-ready.
GDPR is a set of stringent data privacy and security that apply to organizations that do business in Europe, even if they are based elsewhere. Penalties can reach as high as four percent of a company's global revenue if it mishandles the personally identifiable information of users in the region.
Set to take effect on May 25, 2018, organizations have mere months to get their IT and data management systems, services and processes ready for GDPR. Microsoft already offers its cloud customers a GDPR compliance management dashboard that they can use to assess how their setups stack up.
Now the company's sprawling partner network can also help their customers get ready for DGPR.
Partner organizations can now use the Microsoft GDPR Detailed Assessment, which is available through the Microsoft Partner Network, to help gauge how customer environments will fare under the new regime.
"The tool provides an in-depth analysis of an organization's readiness and offers actionable guidance on how to prepare for compliance, including how Microsoft products and features can help simplify the journey," explained Daniel Grabski, executive security advisor at Microsoft Enterprise Cybersecurity Group, in a blog post.
"The Microsoft GDPR Detailed Assessment is intended to be used by Microsoft partners who are assisting customers to assess where they are on their journey to GDPR readiness. The GDPR Detailed Assessment is accompanied by supporting materials to assist our partners in facilitating customer assessments," continued the Microsoft executive.
The software giant cautions that although it offers critical insights, the tool is not intended to be used as a GDPR compliance attestation system. Customers are ultimately responsible for their own GDPR compliance initiatives, ideally under the guidance of their compliance and legal teams, Grabski said.
Microsoft estimates that users will face a partner engagement process lasting three to four weeks. Completing the process takes approximately 10 to 20 hours of hands-on work, depending on how many participants are involved and the complexity of the customer organization, added Grabski.
There are other tools Microsoft that customers can use to get ready for GDPR.
On Nov. 26, Microsoft released a preview version of its Compliance Manager system. Organizations can use the tool to see how their Microsoft cloud product deployments, including Office 365 and Azure cloud-computing services, stand up to GDPR and other regulatory schemes.
A fully-supported, general availability release is scheduled for 2018. In the meantime, Microsoft is busy adding more GDPR content, along with additional regulatory standards, including National Institute of Standards and Technology (NIST) Special Publication 800-53, a set of security and privacy controls for critical infrastructure organizations and federal government agencies.
A rundown of other Microsoft GDPR solutions can be found in Grabski's blog post here.