Microsoft’s “Compliance Manager” helps users meet GDPR requirements

Organizations moving data from on-premises locations to a Microsoft Cloud service such as Office 365, Azure, or Dynamics 365 now have access to Microsoft’s “Compliance Manager”. This tool was created with security, compliance and privacy in mind, and it’s designed to assist organizations in managing their compliance activity. With GDPR going into effect on May 25, Microsoft’s Compliance Manager is available with just enough time left to get ready.

The Compliance Manager has three key capabilities: on-going risk assessments, actionable insights, and compliance activities management. Each one directly relates to GDPR readiness, but the Compliance Manager is also useful for navigating other complex compliance obligations including ISO 27001, NIST 800-53, and HIPAA[2].

What can Microsoft’s Compliance Manager do?

1. Perform on-going risk assessments:  In addition to providing performance details of Microsoft’s own internal controls, the Compliance Manager features a “Compliance Score”, for organizations to evaluate their own controls based on their operating effectiveness. Each control is assigned a weight based on the level of risk that’s involved when it’s not implemented or when the control fails. This tool helps to prioritize tasks based on the risk involved with each control.
2. Provide actionable insights: In an effort to close the gap between compliance personnel and IT professionals, Microsoft’s Compliance Manager makes it easier to know which technology solutions would be best to use to meet specific compliance obligations. In a newly updated view, users can see customer actions for each certification or regulatory control, as well as the specific actions recommended for each control.
3. Manage compliance activities: According to the “Cost of Compliance 2017 Report” by Thomson Reuters, 32 percent of companies spend more than four hours per week creating and amending audit reports. With Compliance Manager, users can assign, track, and record compliance activities, which in turn makes it easier to collaborate across teams and speed up the auditing process. For example, the Compliance Manager would allow users to create a GDPR assessment for each individual year and keep all the data organized to easily perform risk assessments.

Microsoft is working closely with organizations around the world to make the GDPR transition as smooth as possible. Microsoft-based solutions, such as the Compliance Manager, provide controls and capabilities designed to help users meet complex GDPR requirements efficiently.