Support your GDPR program with Accountability Readiness Checklists

The General Data Protection Regulation (GDPR) introduces new rules for organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data for EU residents, no matter where you or your enterprise are located. Additional details are in the GDPR Summary topic.

Accountability Readiness Checklists

Accountability readiness checklists are provided to give convenient access to the information you may need to support the GDPR when using Microsoft products and services. Each checklist lists potential obligations you may have under the GDPR and points you to information that you can use to support your organization's compliance.

There is a specific guide for each of four Microsoft product and service families:

You can manage the items in this checklist with Compliance Score by referencing the Control ID and Control Title under Customer Managed Controls in the GDPR tile.

The checklists cover the four basic categories of considerations for a privacy program supporting the GDPR, listed below along with example requirements.

  1. Conditions for Data Collection and Processing:
    • When is consent obtained?
    • Identify and document purpose
    • Privacy impact assessment
  2. Data Subject Rights:
    • Determining information for PII principals (data subjects)
    • Providing a mechanism to modify or withdraw consent
  3. Privacy by Design and Default:
    • Limit collection
    • Comply with identification levels
    • Temporary files
  4. Data Protection and Security:
    • Understanding the organization and its context
    • Planning
    • Information security policies

Customer agreements

  • Online Services Terms: You can find Microsoft's contractual commitments with regard to the GDPR in the Online Services Terms.
  • Microsoft Product Terms: Microsoft extends the GDPR Terms commitments to all Volume Licensing customers.
  • Data Protection Addendum: Microsoft Services extends the commitments to Microsoft Consulting Services customers and others.

GDPR compliance controls

  • Use Compliance Score: Review and incorporate the controls Microsoft uses to support obligations in the GDPR with Compliance Score.
  • GDPR control mapping: Access a comprehensive mapping of Microsoft controls to GDPR obligations.

Learn more