The GDPR Self-Assessment by Microsoft will help you identify if your organization needs to be GDPR compliant by the May 25, 2018 deadline.
The following are some of the grounds for compliance that might apply to your organization.
- EU citizens/residents who are your employees are subject to GDPR (no matter where in the word they live or work)
- Collecting personal data about employees, customers, and/or consumers are cause for GDPR compliance
- Photos on video monitors and/or company badges are personal data (because of facial recognition/bio-metric data) and are thus subject to GDPR
- Using website cookies and/or collecting IP or MAC addresses are considered methods for collecting personal data
- Any vendors that have access to personal data of EU citizens/residents must be GDPR compliant, and it is your organization's responsibility to verify, to the extent possible, that the vendor meets GDPR compliance
- Just because your organization or a vendor is Privacy Shield certified does not automatically guarantee GDPR compliance
Non-compliance will result in a minimum fine of €20,000,000 or 4% of transactions, whichever is greater. Additionally, failure to pay the fine can result in your organization being banned from conducting business in the EU, asset seizure/forfeiture, and fines from other government agencies (including U.S. government agencies).
If you feel that your organization will need to be GDPR compliant by May 25, 2018, Office 365 has security features and a GDPR portal to help your organization meet GDPR compliance.
If you'd like a recommendation for a vendor who can help you with Office 365 and GDPR compliance, just reply below or email me with your contact information. I promise I don't get a commission!