If you're a citizen of the European Union, you might have heard about its efforts to strengthen data protection laws for member states via the General Data Protection Regulation, or GDPR. You may also remember that we covered Microsoft's commitment to comply with the provisions of the GDPR by May 25, 2018, when it enters into force.
In a blog post, Microsoft's Corporate VP and General Counsel, Rich Sauer, reveals that the company has started publicly offering contractual commitments regarding this particular EU law, stating that this step was taken to "provide key GDPR-related assurances about our services".
Sauer went on to say of the GDPR:
We believe privacy is a fundamental right. The GDPR is an important step forward to further clarify and enable individual privacy rights and look forward to sharing additional updates how we can help you comply with this new regulation and, in the process, advance personal privacy protections.
Because preparing for such a law requires quite a few changes on some companies' part, the software giant offers a few pointers in its Trust Center entry about the GDPR, as well as a guide (pops up a download window) which covers all the necessary information. Perhaps most importantly, the document also features sections dedicated to Microsoft cloud services like Azure and Office 365, as well as more traditional offerings like Windows and Windows Server.
One helpful section of the Trust Center article about GDPR outlines the rights companies need to enable under the new law:
The GDPR provides EU residents with control over their personal data through a set of “data subject rights.” This includes the right to:
- Access readily-available information in plain language about how personal data is used
- Access personal data
- Have incorrect personal data deleted or corrected
- Have personal data rectified and erased in certain circumstances (sometimes referred to as the “right to be forgotten”)
- Restrict or object to processing of personal data
- Receive a copy of personal data
- Object to processing of data for specific uses, such as marketing or profiling
A company of Microsoft's size handles a lot of data throughout its services, so it's interesting to see it take a proactive rather than reactive approach to complying with such regulation.