Right To Be Forgotten
How does Microsoft detect a data breach?
All of our services and employees follow internal incident management procedures to ensure that all precautions are taken to prevent personal data breaches. In addition, Online Services has implemented specific cross-platform security controls for early detection of such breaches.
How does Microsoft respond to a personal data breach?
In the event of a personal data breach, Microsoft will provide you with the following assistance:
- Properly trained security personnel who know the procedure to be followed.
- Policies, procedures and controls to ensure that Microsoft maintains detailed records.
The response involves documenting the fact of an incident, its impact and the remedial actions taken, as well as tracking and storing the information in our incident management system.
How does Microsoft notify me of a personal data breach?
Microsoft has implemented policies and procedures to notify you immediately. To enable you to comply with your reporting obligation to the data protection authority, we are providing a description of the process followed to determine whether a personal data breach has occurred, the nature of the breach and the countermeasures taken.
GDPR Accountability Checklists
These checklists provide convenient access to the information you need to know about GDPR compliance when using Microsoft products. You can manage checklist items with Microsoft Compliance Manager by referencing the Control ID and Control Title under Customer Managed Controls in the GDPR tile.
Frequently asked questions about the GDPR
Does Microsoft have obligations to its customers regarding GDPR?
Yes. The GDPR stipulates that controllers (e.g. companies using Microsoft Enterprise Online Services) only work with processors (e.g. Microsoft) who offer sufficient guarantees for compliance with the central GDPR requirements. Microsoft is proactive in fulfilling this obligation to all Volume Licensing customers as part of their contracts.
How does Microsoft help me with compliance?
Microsoft provides tools and documentation to support your GDPR accountability. This includes supporting the rights of data subjects, conducting our own data protection impact assessment and working together to resolve personal data breaches.
What are the obligations in the GDPR terms?
The Microsoft GDPR Terms set out the obligations for processors required in Article 28. Article 28 requires processors to:
- Use sub-processors only with the consent of the controller, and remain liable for those sub-processors.
- Process personal data only as instructed by the controller, including with regard to transfers.
- Ensure that persons who process personal data are bound by confidentiality.
- Implement appropriate technical and organizational measures to ensure a level of security of the personal data that is appropriate to the risk.
- Assist controllers in their obligations to respond to data subject requests to exercise their GDPR rights.
- Comply with the requirements on reporting and assistance in the event of a personal data breach.
- Support controllers with data protection impact assessments and consultation with the supervisory authorities.
- Delete or return personal data at the end of the provision of services.
- Demonstrably support the data controller in complying with the GDPR.