Support your GDPR program with Accountability Readiness Checklists
The General Data Protection Regulation (GDPR) introduces new rules for organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data for EU residents no matter where you or your enterprise are located. Additional details are in the GDPR Summary topic.
Accountability Readiness Checklists
Accountability readiness checklists provide convenient access to information you may need to support the GDPR when using Microsoft products and services. Each checklist lists potential obligations you may have under the GDPR and points you to information that you can use to support your organization's compliance.
A specific guide is available for each of four Microsoft product and service families:
You can manage the items in this checklist with Compliance Score by referencing the Control ID and Control Title under Customer Managed Controls in the GDPR tile.
The checklists include the four basic categories of considerations for a privacy program supporting GDPR listed below, along with example requirements.
Conditions for Data Collection and Processing
- When is consent obtained?
- Identify and document purpose
- Privacy impact assessment
Data Subject Rights
- Determining information for PII principals (data subjects)
- Providing a mechanism to modify or withdraw consent
Privacy by Design and Default
- Limit Collection
- Comply with identification levels
- Temporary files
Data Protection and Security
- Understanding the organization and its context
- Information Security Policies
- Online service terms: You can find Microsoft contractual commitments with regard to the GDPR in the Online Services Terms.
- Microsoft product terms: Microsoft extends the GDPR Terms commitments to all Volume Licensing customers.
- Data protection addendum: Microsoft extends the commitments to Microsoft Consulting Services customers and others.
GDPR compliance controls
- Use Compliance Score: Review and incorporate controls Microsoft uses to support obligations in the GDPR with Compliance Score.
- GDPR control mapping: Access a comprehensive mapping of Microsoft controls to GDPR obligations.