GDPR + Office 365
Lucidica Team
A common issue we find with companies and personal data, is the amount of companies that email personal data through a message or a file. When your email gets hacked, all that information is automatically taken and a breach of all sort of sensitive data has occurred.
With Office 365, their suite of tools has been plastered in security measures and safeguarding to make sure when you want to share a file to a colleague or email an attachment to a third party- you are protected. Office 365 is a great example of implementing privacy by design and the variety of tools you get within the 365 package means that you can track and protect your data.
Firstly, how can you identify and manage access to personal data?
1. Data Loss Protection
Data Loss Protection (DLP) identifies up to 80 sensitive data types to prevent an accidental breach. Within GDPR, sensitive data is seen as a lot higher risk than general personal data and can lead to enhanced fines under GDPR. DLP means that you can protect any accidental transfers of high risk data and allows you to implement procedures to prevent sensitive data being shared, specifically when it’s not encrypted.
2. Advanced Data Governance
One key feature of GDPR is the data lifecycle. From when you get personal data to when you destroy the data, a lot happens with it and it is normally shared and seen many many times. Advanced data governance is an insight tool which give you machine-assisted intelligence to manage the lifecycle of your data. You can implement policies to find, classify and action your data at different stages of it’s processing.
3. Office 365 eDiscovery
This feature is a glorified search bar which can search across all your Office 365 applications to find the data you need. Wondering why you may need this within GDPR? Well, a big feature of GDPR is the subject access request, allowing the data subject to have the ability to request all data you have on them. The Office 365 eDiscovery tool makes this simple by identifying documents that are relevant to a particular subject/company/person with just a click of a button. This search bar works with more precision and speed than other search features and, if you keep all of your information within Office 365, it will make compliancy and subject access requests easier.
4. Customer Lockbox
This feature is regarding your relationship with Microsoft as a third-party processor. When a Microsoft service engine needs access to your personal data, access control is extended to you and you can be the final approval of this access. Any actions are logged and accessible to you so if you audited, these are all available. This means that you can know who, what, why and when a third party looks at your data and gives you the records to prove it.
The second phrase of GDPR is protecting personal data from any potential breaches. Below are the Office 365 features that safeguard data and help you as a company identify when a breach has occurred.
1. Advanced Threat Protection
Exchange online protection helps you protect your email from new and current malware attacks. It gives you the opportunity to create policies tailored to your company that prevent employees clicking malicious links or opening dangerous website through email. This is a great thing to implement to show the ICO that you are putting extra precautions to protect your computer and therefore your database, especially as a lot of cyber-attacks happen through email.
2. Threat Intelligence
This is a proactive feature that helps you uncover and protect against threats, especially advanced or new threats. Microsoft identify these through a plethora of features such as the Intelligent Security Graph and input from cyber threat hunters. This feature lets you enable alerts, policies and security solutions that are crucial within GDPR compliancy.
3. Advanced Security Management
Similar to the two options above, this allows you to create special policies for your company that identifies high risk or abnormal usage. For example, if your office is based in London and there is activity in Birmingham, there will be an extra verification step. You can put policies in place to track and respond to any questionable actions.
4. Office 365 Audit Logs
This feature allows you to monitor activities through all Office applications such as Word and Excel. This means as an organisation, you can track who is viewing and editing what, and if any of that is particular unusual or being accessed by someone who it shouldn’t be, you can detect it early. As the average attacker is on your machine for over 200 days without being detected and GDPR has stated that you need to report a breach in 72 hours, this is a great tool in identifying breaches.
Depending on what Office 365 package you have, you might not have all of these features but upgrading of licensing can be done in minutes, cost a few pounds and keep you protected for years. If you are unsure what features you have or are specifically interested in one of the features above, contact our team for more information and we will make sure we’ve got you covered.
Also, as a Gold partner of Microsoft, we can give you considerably cheaper prices than the “market price”. Just let us know how many licenses you want, what features your business needs and we will do the rest. Look forward to hearing from you!
