At Union, we’ve spoken a lot about the General Data Protection Regulation (GDPR), and how its introduction in May 2018 will forever change the way organisations store, secure and handle their customers’ personal data.
Under GDPR, ‘data subjects’ will have the right to be forgotten, the right to data portability and the right to be informed in the case of a data breach. Therefore, much of GDPR compliance hinges on your ability to locate and retrieve personally identifiable information (PII) and safeguard that data from breaches.
The penalties for non-compliance are severe. Under GDPR, companies that suffer a data breach can incur a fine of up to four percent of their annual global turnover or €20 million, whichever is greater. Plus, failure to disclose any serious data breaches to the relevant authorities, and the victim of the breach, can result in a €10 million fine, or two percent of the company’s revenues.
The financial cost to a company could be crippling – not to mention the damage to their reputation and customer relationships.
Yet despite all this, research published last month by the Department for Digital, Culture, Media and Sport (DCMS) found only around a quarter of UK businesses have made any changes to their operations so far in preparation for the new regulations.
Despite the clock ticking down to the deadline, it’s not too late. Here, we lay out how Microsoft Azure can prove invaluable on your journey to GDPR compliance, helping you store, identify and manage PII in a secure environment.
- Discover: Identify what personal data you have and where it resides
- Manage: Govern how personal data is used and accessed
- Protect: Establish security controls to prevent, detect, and respond to vulnerabilities and data breaches
- Report: Keep required documentation, manage data requests, and provide breach notifications
Below, we list how Azure can help with GDPR compliance.
Azure Active Directory (Azure AD) helps ensure that only authorised users can access your computing environments, data, and applications. It features tools such as Multi-Factor Authentication for secure sign-in. Additionally, Azure AD Privileged Identity Management helps reduce risks associated with administrative privileges through access control, management, and reporting.
Azure Information Protection helps ensure data is identifiable and secure regardless of where it’s stored or how it’s shared, a key requirement of the GDPR. You can classify, label, and protect new or existing data, share it securely with people within or outside your organisation, track usage, and even revoke access remotely.
Azure Information Protection also includes rich logging and reporting capabilities to monitor the distribution of data, and options to manage and control your encryption keys.
Azure Security Center provides you with visibility and control over the security of your Azure resources. It continuously monitors your resources, provides helpful security recommendations, and helps you prevent, detect, and respond to threats. Azure Security Center’s embedded advanced analytics help identify attacks that might otherwise go undetected.
Data Encryption in Azure Storage secures your data at rest and in transit. You can, for example, automatically encrypt your data when it is written to Azure Storage using Storage Service Encryption. Additionally, you can use Azure Disk Encryption to encrypt operating systems and data disks used by virtual machines. Data is protected in transit between an application and Azure so that it always remains secure.
Azure Key Vault enables you to safeguard your cryptographic keys, certificates, and passwords that help protect your data. Key Vault uses hardware security modules (HSMs) and is designed so that you maintain control of your keys and therefore your data, including ensuring that Microsoft cannot see or extract your keys. You can monitor and audit use of your stored keys with Azure logging and import your logs into Azure HDInsight or your SIEM for additional analysis and threat detection.
Log Analytics: Azure provides configurable security auditing and logging options that can help you identify and repair gaps in your security policies to prevent breaches. Additionally, Log Analytics helps you collect and analyse data generated by resources in either your cloud or on-premises environments. It provides real-time insights using integrated search and custom dashboards to readily analyse millions of records across all workloads and servers regardless of their physical location.
Microsoft has a long tradition of compliance in the cloud; by using Azure you can reduce the programming efforts and administrative burdens required to become GDPR compliant.
Managed Azure Infrastructure for GDPR Compliance
The challenge for many organisations that have deployed or plan to deploy Managed Azure is that they are not always maximising its benefits. Azure requires considerable expertise that typically doesn’t exist in IT teams today. That talent can be hard to find and expensive to recruit, which can make the upfront investment required overbearing for many organisations.
Union Managed Azure Services delivers a full operational model for workloads and services running on Azure. Union ensures your technology stack delivers against the business outcomes you care about without you having to become a cloud expert.
With the 25th May 2018 deadline looming, Union Solutions Managed Azure Services can help your organisation tick all the right GDPR boxes – and avoid the painful penalties associated with non-compliance.