Microsoft's data protection officer

Overview

Microsoft has designated a European Union Data Protection Officer (DPO) to be an independent advisor for Microsoft’s engineering and business groups and to help ensure that all proposed processing of personal data meets EU legal requirements and Microsoft’s corporate standards. The role was designed to meet the GDPR criteria set out in Articles 37-39.

Qualifications

The DPO role requires successful candidates to have at least seven years of professional data protection experience, or a mix of 10 years of data protection, security and enterprise risk management experience in order to be considered for the position. In addition, candidates must have demonstrated expertise in international data protection law and practices.

Nature of the role

The DPO is involved, properly and in a timely manner, in all key issues which relate to the protection of personal data. This is effectuated, in part, by the DPO’s role in reviewing and advising on all Data Protection Impact Assessments (DPIAs) generated by Microsoft. As the DPIA program is designed to capture all personal data processing at Microsoft, the DPO will have cross-company visibility into, and the opportunity to inform and advise Microsoft of its obligations pursuant to the GDPR in regards to Microsoft’s personal data processing. This same mechanism also allows the DPO to monitor Microsoft’s compliance with applicable data protection regulations, including the GDPR, as well as Microsoft’s internal policies and controls.

Position of the Data Protection Officer

The European Union DPO reports directly to Microsoft’s Chief Privacy Officer, a senior executive within Microsoft’s Corporate and Legal Affairs division. The DPO role has autonomy to perform the functions in an independent, unbiased manner. Through the Chief Privacy Officer’s organization, the DPO has access to training and customer response resources as necessary to perform the DPO functions. The DPO is bound by confidentiality concerning their tasks through the use of a non-disclosure agreement.

Contact

Data subjects may contact the data protection officer by filling out the webform at https://aka.ms/privacyresponse. The DPO can also be reached by post at:

Microsoft EU Data Protection Officer
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland
Telephone: +353 (0) 1 295-3826

The contact details for the Data Protection Officer have been communicated to Microsoft’s Supervisory Authority.

Learn more