The role of technology in the journey of ... · 2018-02-08 · AD...

The role of technology in the journey of compliance with the General Regulation · Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Transcript of The role of technology in the journey of ... · 2018-02-08 · AD...

Page 1: The role of technology in the journey of ... · 2018-02-08 · AD auth, role-base security… Azure SQL Firewall Dynamic Data Masking, Row-Level Security

The role of technology in the journey of compliance with the General Regulation

Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Page 2:
Page 3:

Providing clarity and consistency for the protection of personal data

Enhanced personal privacy rights

Increased duty for protecting data

Mandatory breach reporting

Significant penalties for non-compliance

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located.

Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

Page 4:
Page 5:

Protecting customer privacy with GDPR

Page 6:

Trust

Integrated intelligent security

Transparency and control

Privacy by design

Compliance leadership

Protect your organization, data and people

Page 7:

Leverage guidance from experts

Simplify your privacy journey

GDPR Compliance

Uncover risk & take action

Page 8:

How do I get started?

1. Discover: Identify what personal data you have and where it resides

2. Manage: Govern how personal data is used and accessed

3. Protect: Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches

4. Report: Keep required documentation, manage data requests and breach notifications

Page 9:

Discover:

In-scope:

Inventory:

Microsoft Azure: Microsoft Azure Data Catalog

Enterprise Mobility + Security (EMS): Microsoft Cloud App Security

Dynamics 365: Audit Data & User Activity, Reporting & Analytics

Office & Office 365: Data Loss Prevention, Advanced Data Governance, Office 365 eDiscovery

SQL Server and Azure SQL Database: SQL Query Language

Windows & Windows Server: Windows Search

Example solutions

1

Page 10:

SEARCH

Page 11:

Translated to SQL technologies...

1. Discover

T-SQL Queries, Full Text search

Data classification

Vulnerability Assessment

Inventory personal data in database systems

Review access model, understand the attack surface area

Track data flows and map data lineage

Page 12:

A one-stop-shop to track and improve your SQL security state

Get Visibility: Discover sensitive data and potential security holes

Remediate: Actionable remediation and security hardening steps

Customize: Baseline policy tuned to your environment, so you focus on deviations

Report: Pass internal or external audits, facilitates compliance

Page 13:

2

Example solutions

Manage:

Data governance:

Data classification:

Microsoft Azure: Azure Active Directory, Azure Information Protection, Azure Role-Based Access Control (RBAC)

Enterprise Mobility + Security (EMS): Azure Information Protection

Dynamics 365: Security Concepts

Office & Office 365: Advanced Data Governance, Journaling (Exchange Online)

Windows & Windows Server: Microsoft Data Classification Toolkit

Page 14:

Streamline processes: Built-in, audit-ready tools that help you collaborate between teams and manage your processes.

Protect personal data: Data governance and protection of your sensitive data across devices and apps, both on-premises and in the cloud.

Assess and manage compliance risk: A real-time assessment of your compliance posture with actionable insights to improve your data protection capabilities.

Page 15:

Compliance Manager: Manage your compliance from one place

Page 16:

MICROSOFT’S APPROACH TO INFORMATION PROTECTION

Detect, Protect, Classify, Monitor

CLOUD, DEVICES, ON PREMISES

Comprehensive protection of sensitive data throughout the lifecycle – inside and outside the organization

Page 17:

CLASSIFY & PROTECT YOUR SENSITIVE INFORMATION – ANYTIME, ANYWHERE – WITH AZURE INFORMATION PROTECTION

Detect, classify and label documents with sensitive data

Applies encryption and rights management to the specific document

Manual and/or automatic process

Provides detailed tracking and reporting

Covers open documents on devices and can now also crawl existing documents on on-premises file shares and SharePoint servers; with Cloud App Security, the capabilities extend into cloud environments

Page 18:
Page 19:

Translated to SQL technologies...

2. Manage

Windows authentication, Azure AD auth, role-based security…

Azure SQL Firewall

Dynamic Data Masking, Row-Level Security

Manage authentication and authorization mechanisms

Properly configure database firewall

Limit application access according to authorization principles

[Diagram labels: ADO.NET 4.6, ADAL, SQL]

Page 20:

3

Example solutions

Protect:

Preventing data attacks:

Detecting & responding to breaches:

Microsoft Azure: Azure Key Vault, Azure Security Center, Azure Storage Services Encryption

Enterprise Mobility + Security (EMS): Azure Active Directory Premium, Microsoft Intune

Office & Office 365: Advanced Threat Protection, Threat Intelligence

SQL Server and Azure SQL Database: Transparent data encryption, Always Encrypted

Windows & Windows Server: Windows Defender Advanced Threat Protection, Windows Hello, Device Guard

Page 21:

DETECT

Detect Abnormal Behavior & Anomalies in Cloud Apps

Identify high risk usage, cloud security issues, detect abnormal user behavior in cloud apps.

Identify and stop known attack pattern activities originating from risky sources with threat prevention enhanced with vast Microsoft threat intelligence

Page 22:

Detect Abnormal Behaviors with Windows Defender ATP

Detect targeted advanced attacks and zero days.

Visually investigate forensic evidence across your devices to easily uncover scope of breach, assess the entire footprint of the incident, and trace it back to identify the root cause.

Search and explore 6 months of historical data across your devices

DETECT

Page 23:

4

Example solutions

Record-keeping:

Reporting tools:

Microsoft Trust Center: Service Trust Portal

Microsoft Azure: Azure Auditing & Logging, Azure Data Lake, Azure Monitor

Enterprise Mobility + Security (EMS): Azure Information Protection

Dynamics 365: Reporting & Analytics

Office & Office 365: Service Assurance, Office 365 Audit Logs, Customer Lockbox

Windows & Windows Server: Windows Defender Advanced Threat Protection

Report:

Page 24:

PROTECT

Protect Your Email with O365 ATP

Stop malicious attachments

Provide time-of-click protection against malicious links

Stop known email threats

Page 25:

RESPOND

Respond to Malicious Email Files with O365 ATP

Remove emails found to be malicious after they land in user inbox.

Intelligent filters which update based on evolving cyber threat landscape.

Ability to remediate for real-time malicious emails.

Page 26:

RESPOND

Respond to Compromised Data with Cloud App Security

Identify high-risk and anomalous usage in cross cloud apps - including Office 365

Get recommendations and remediation actions for next steps

Page 27:
Page 28:

“Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance.

And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world.”

Brad Smith

President & Chief Legal Officer, Microsoft Corporation

Page 29:

Why Microsoft for GDPR

Best path to compliance is with the Microsoft Cloud

Microsoft products and services are available today to help meet the GDPR requirements. Through our cloud services and on-premises solutions we help customers locate and catalog the personal data in their systems, build more secure environments, simplify management and monitoring of personal data, and provide tools and resources needed to help them meet reporting and assessment requirements.

Committed to the Highest Privacy Standards

Microsoft believes that the GDPR is an important step forward for clarifying and enabling individual privacy rights. We have committed to GDPR compliance across our cloud services when enforcement begins May 25, 2018. Microsoft and our partners can help customers meet the requirements of the GDPR.

Blog post: Get GDPR compliant with the Microsoft Cloud

Supporting your trust with contractual assurances

Microsoft was the first global cloud services provider to publicly offer contractual commitments for our services. Our contractual commitments outline how we help customers:

• Respond to data subject requests.

• Detect and report personal data breaches.

• Demonstrate GDPR compliance.

The GDPR amendments can be found in the Online Services Terms (OST) at microsoft.com/licensing

Industry leading security and privacy certifications

Microsoft's services are independently verified to meet legal and compliance requirements, are financially backed, and offer transparent information on their availability.

Security policies and audit reports are made available to customers and, if necessary, their regulators through the Trust Center (Microsoft.com/trustcenter).

Comprehensive guidance on beginning the GDPR journey

Microsoft has published a large library of GDPR guidance covering the four steps (Discover, Manage, Protect and Report) and our products and services, including the “Beginning your GDPR Journey”, GDPR Overview and product whitepapers. These and more can be found at Microsoft.com/gdpr. We continue to publish new resources on a regular basis.

Deep Investments in products and services

Microsoft has made significant investments in our products and services to help our customers with GDPR compliance within Azure, Office 365, Windows, EMS, SQL Database and Dynamics 365. For example, Microsoft 365 delivers a range of tools and services that enable GDPR scenarios such as data discovery, governance, and protection.

Largest portfolio of cloud solutions

We designed our cloud products (including Office 365, Azure, SQL, Windows and Dynamics 365) with industry-leading privacy policies and security measures to safeguard customer data in the cloud, including the categories of personal data identified by the GDPR. Please see “How our products help you meet GDPR requirements” for more detail.

Broadest partner ecosystem

The Microsoft Partner Network includes hundreds of thousands of organizations worldwide. By working with this broad partner ecosystem we offer customers more comprehensive solutions. Many of our partners, including Accenture and EY, have developed a wide array of practices to help customers achieve GDPR compliance.

Page 30:

Microsoft.com/GDPR

Page 31: