mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-15 14:57:23 +00:00
Adding initial content
This commit is contained in:
parent
2cb37b1839
commit
7b33d85e15
@ -0,0 +1,83 @@
|
||||
---
|
||||
title: Beginning your General Data Protection Regulation (GDPR) journey for Windows 10 (Windows 10)
|
||||
description: Use this article to understand what GDPR is and about the products Microsoft provides to help you get started towards compliance.
|
||||
keywords: privacy, GDPR
|
||||
ms.prod: w10
|
||||
ms.mktglfcycl: manage
|
||||
ms.sitesec: library
|
||||
ms.pagetype: security
|
||||
ms.localizationpriority: high
|
||||
author: pwiglemsft
|
||||
ms.author: pwigle
|
||||
---
|
||||
|
||||
# Beginning your General Data Protection Regulation (GDPR) journey for Windows 10
|
||||
|
||||
This article provides info about GDPR, including what it is and the products Microsoft provides to help you to become compliant.
|
||||
|
||||
## Introduction
|
||||
On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance.
|
||||
|
||||
The General Data Protection Regulation, or GDPR, is fundamentally about protecting and enabling the privacy rights of individuals. The GDPR establishes strict global privacy requirements governing how you manage and protect personal data while respecting individual choice—no matter where data is sent, processed, or stored.
|
||||
|
||||
Microsoft and our customers are now on a journey to achieve the privacy goals of the GDPR. At Microsoft, we believe privacy is a fundamental right, and we believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights. But we also recognize that the GDPR will require significant changes by organizations all over the world.
|
||||
|
||||
We have outlined our commitment to the GDPR and how we are supporting our customers within the [Get GDPR compliant with the Microsoft Cloud](https://blogs.microsoft.com/on-the-issues/2017/02/15/get-gdpr-compliant-with-the-microsoft-cloud/#hv52B68OZTwhUj2c.99) blog post by our Chief Privacy Officer [Brendon Lynch](https://blogs.microsoft.com/on-the-issues/author/brendonlynch/) and the [Earning your trust with contractual commitments to the General Data Protection Regulation](https://blogs.microsoft.com/on-the-issues/2017/04/17/earning-trust-contractual-commitments-general-data-protection-regulation/#6QbqoGWXCLavGM63.99)” blog post by [Rich Sauer](https://blogs.microsoft.com/on-the-issues/author/rsauer/) - Microsoft Corporate Vice President & Deputy General Counsel.
|
||||
|
||||
Although your journey to GDPR may seem challenging, we are here to help you. For specific information about the GDPR, our commitments and beginning your journey, please visit the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr).
|
||||
|
||||
## GDPR and its implications
|
||||
The GDPR is a complex regulation that may require significant changes in how you gather, use and manage personal data. Microsoft has a long history of helping our customers comply with complex regulations, and when it comes to preparing for the GDPR, we are your partner on this journey.
|
||||
|
||||
The GDPR imposes rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where those businesses are located. Among the key elements of the GDPR are the following:
|
||||
|
||||
- **Enhanced personal privacy rights.** Strengthened data protection for residents of EU by ensuring they have the right to access to their personal data, to correct inaccuracies in that data, to erase that data, to object to processing of their personal data, and to move it.
|
||||
|
||||
- **Increased duty for protecting personal data.** Reinforced accountability of organizations that process personal data, providing increased clarity of responsibility in ensuring compliance.
|
||||
|
||||
- **Mandatory personal data breach reporting.** Organizations that control personal data are required to report personal data breaches that pose a risk to the rights and freedoms of individuals to their supervisory authorities without undue delay, and, where feasible, no later than 72 hours once they become aware of the breach.
|
||||
|
||||
As you might anticipate, the GDPR can have a significant impact on your business, potentially requiring you to update privacy policies, implement and strengthen data protection controls and breach notification procedures, deploy highly transparent policies, and further invest in IT and training. Microsoft Windows 10 can help you effectively and efficiently address some of these requirements.
|
||||
|
||||
## Personal and sensitive data
|
||||
As part of your effort to comply with the GDPR, you will need to understand how the regulation defines personal and sensitive data and how those definitions relate to data held by your organization.
|
||||
|
||||
The GDPR considers personal data to be any information related to an identified or identifiable natural person. That can include both direct identification (such as, your legal name) and indirect identification (such as, specific information that makes it clear it is you the data references). The GDPR also makes clear that the concept of personal data includes online identifiers (such as, IP addresses, mobile device IDs) and location data.
|
||||
|
||||
The GDPR introduces specific definitions for genetic data (such as, an individual’s gene sequence) and biometric data. Genetic data and biometric data along with other sub categories of personal data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership: data concerning health; or data concerning a person’s sex life or sexual orientation) are treated as sensitive personal data under the GDPR. Sensitive personal data is afforded enhanced protections and generally requires an individual’s explicit consent where these data are to be processed.
|
||||
|
||||
### Examples of info relating to an identified or identifiable natural person (data subject)
|
||||
This list provides examples of several types of info that will be regulated through GDPR. This is not an exhaustive list.
|
||||
|
||||
- Name
|
||||
|
||||
- Identification number (such as, SSN)
|
||||
|
||||
- Location data (such as, home address)
|
||||
|
||||
- Online identifier (such as, e-mail address, screen names, IP address, device IDs)
|
||||
|
||||
- Pseudonymous data (such as, using a key to identify individuals)
|
||||
|
||||
- Genetic data (such as, biological samples from an individual)
|
||||
|
||||
- Biometric data (such as, fingerprints, facial recognition)
|
||||
|
||||
## Getting started on the journey towards GDPR compliance
|
||||
Given how much is involved to become GDPR-compliant, we strongly recommend that you don't wait to prepare until enforcement begins. You should review your privacy and data management practices now. We recommend that you begin your journey to GDPR compliance by focusing on four key steps:
|
||||
|
||||
- Discover. Identify what personal data you have and where it resides.
|
||||
|
||||
- Manage. Govern how personal data is used and accessed.
|
||||
|
||||
- Protect. Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches.
|
||||
|
||||
- Report. Act on data requests, report data breaches, and keep required documentation.
|
||||
|
||||
For each of the steps, we've outlined example tools, resources, and features in various Microsoft solutions, which can be used to help you address the requirements of that step. While this article isn't a comprehensive “how to,” we've included links for you to find out more details, and more information is available in the [GDPR section of the Microsoft Trust Center](https://www.microsoft.com/en-us/trustcenter/privacy/gdpr).
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
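Review bot: In the Introduction paragraph that links the two blog posts, a closing quote (”) follows the second link with no matching opening quote, and both blogs.microsoft.com URLs end in fragments (#hv52B68OZTwhUj2c.99 and #6QbqoGWXCLavGM63.99) that look like copy-and-share residue rather than page anchors; drop the stray quote and the fragments. In the sensitive-data paragraph, "trade union membership: data concerning health" uses a colon where the next item is separated by a semicolon, and in the first key-elements bullet "residents of EU" and "the right to access to their personal data" need fixing ("residents of the EU", "the right to access their personal data"). The front-matter title ends in "(Windows 10)" directly after "for Windows 10", which repeats the product name. The four key steps (Discover, Manage, Protect, Report) are plain text while the earlier key-elements list bolds its lead-ins, so consider bolding them for consistency. The sentence "a European privacy law is due to take effect" is written in the future tense against a fixed date and will need revisiting after May 25, 2018.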