GDPR and Microsoft Dynamics 365 – readiness of the solution for the General Data Protection Regulation

What is GDPR?

The General Data Protection Regulation (GDPR) defines new rules for organizations that provide goods and services to EU citizens, or that gather and analyze data concerning EU citizens. GDPR will enter into force in May 2018. This means that there is just over a year to prepare for the changes, and organizations should be ready, because the Regulation imposes many new obligations on data administrators, severe penalties for non-compliance, and a requirement to report infringements.

GDPR and Microsoft Dynamics 365

Microsoft and its solutions support GDPR principles and may help to enhance the data protection and management in every organization. Microsoft Dynamics 365 ensures the security of the data in many areas.

Secure identity

The Microsoft Dynamics 365 platform in the cloud is based on Azure Active Directory technology, which offers a safe authentication process for the person logging into the system. Hence, management of individual users and the groups they form is much safer. Authorizations can be given and revoked easily. Learn how to protect your business with the use of cloud-based identity and access management.

Secure applications and data

Your data in Microsoft Dynamics 365 is additionally protected by encryption: all connections between customers and Microsoft data centers are encrypted. All public endpoints are secured by TLS (Transport Layer Security), which increases the security of the connection between the browser and the server. See detailed information about security measures in Microsoft Dynamics 365.

Secure infrastructure

Microsoft Dynamics 365 is hosted in Microsoft data centers where all data protection mechanisms are employed. Unauthorized traffic to and inside the centers is blocked, and the infrastructure performing these actions is continuously controlled and tested in order to ensure the best possible security of the stored data. The team responsible for Microsoft Dynamics 365 works in accordance with the stringent standards of Microsoft Operations Security Assurance.

Role-based security

Security standards based on users' roles and tasks within the organization are implemented in all Microsoft Dynamics 365 applications. This means that users can access only those parts of the system they are authorized for. Access is determined by the employee's position. The administrator can easily manage authorizations, granting and revoking them at any time.

Threat management

The Microsoft Dynamics 365 environment includes anti-malware measures that guard against Internet threats. The system can also detect intrusions and prevent DDoS (distributed denial-of-service) attacks. Read more about physical security employed by Microsoft.

Five steps towards reaching compliance with GDPR

It is worthwhile to take a closer look today at how data is managed in your organization. There are five crucial steps that can help:

1. First of all, you should examine what type of personal data is collected by your organization and where the data is stored.

2. That knowledge should lead to an audit – define the rules of access and handling of the gathered data.

3. Protect the data – provide control measures in accordance with the rigorous requirements that will detect all weak points and prevent undesired access or data leaks.

4. Reporting – make sure the documentation is complete and all the cases of giving access are well documented.

5. Remember to check, on a regular basis, whether your data protection system functions properly and stays in accordance with the safety procedures. This will decrease the risk of irregularities.

Want to learn more about Microsoft Dynamics 365? Get familiar with the platform and empower your business now.