Wednesday, August 23, 2017

Do You Need To Be GDPR Compliant?

The GDPR Self-Assessment by Microsoft will help you identify if your organization needs to be GDPR compliant by the May 25, 2018 deadline.

The following are some of the grounds for compliance that might apply to your organization.
  • EU citizens/residents who are your employees are subject to GDPR (no matter where in the world they live or work)
  • Collecting personal data about employees, customers, and/or consumers is cause for GDPR compliance
    • Photos on video monitors and/or company badges are personal data (because of facial recognition/biometric data) and are thus subject to GDPR
    • Using website cookies and/or collecting IP or MAC addresses are considered methods for collecting personal data
  • Any vendors that have access to personal data of EU citizens/residents must be GDPR compliant, and it is your organization's responsibility to verify, to the extent possible, that the vendor meets GDPR compliance
  • Just because your organization or a vendor is Privacy Shield certified does not automatically guarantee GDPR compliance

Non-compliance will result in a minimum fine of €20,000,000 or 4% of transactions, whichever is greater. Additionally, failure to pay the fine can result in your organization being banned from conducting business in the EU, asset seizure/forfeiture, and fines from other government agencies (including U.S. government agencies).

If you feel that your organization will need to be GDPR compliant by May 25, 2018, Office 365 has security features and a GDPR portal to help your organization meet GDPR compliance.

If you'd like a recommendation for a vendor who can help you with Office 365 and GDPR compliance, just reply below or email me with your contact information. I promise I don't get a commission!