In two days, the European Union’s General Data Protection Regulation (GDPR) will become enforceable. A tectonic shift in the global privacy paradigm, the data protection law will herald a new era in consumer trust. As a company, Microsoft has individual privacy rights and security in its DNA. That is why in February of last year we announced we would be GDPR compliant across our cloud services by the deadline. We embraced GDPR proactively. It is also a matter of great pride that we have helped customers round the world be GDPR-ready ahead of time.
Data at the center
As we stand amidst the fourth industrial revolution, maintaining the integrity of personal data has become as imperative to national security as protecting a country’s cyber borders. Organizations are under increased scrutiny, with everybody from lawmakers and investors to employees and consumers examining the relationship between what’s good for business and what’s good for individuals. Regulations like GDPR will begin a dialogue about what nations and multilateral stakeholders can to do to streamline a system of checks and balances on a digital planet.
GDPR is the biggest change in European data protection laws in more than 20 years, bringing this area of law into the digital age. It designates individual choice as a priority over everything else. It stands on the pillars of mutual trust and respect, both of which are core to running any sustainable, ethical organization. It will govern how organizations within and outside the EU will collect, manage, process, and protect personal data while respecting individual choice.
To me, this is a golden opportunity for India to drive thought leadership in the global market. We can build expertise and capabilities, create new lines of advisory and consulting businesses, develop a market differentiator and be a source of competitiveness. One merely has to look around to witness how fast India is making strides in its journey towards cloud migration. With millions going online for the first time, protecting their vulnerabilities cannot be compromised in our long march forward. The Supreme Court of India demonstrated its commitment to its citizens when it declared privacy a fundamental right last year, and now the onus is upon us as an industry to play our part.
Enabling companies for the transition
At Microsoft, we understand how critical our role is, in enhancing the privacy of customer data. Upholding customer trust in digital technology is at the heart of what we do. Staying secure in a digital-first, cloud-first world can be tough, especially with constant cyber threats and the rules and regulations surrounding cybersecurity. We recognize that we and others in the tech sector have the first responsibility to address these issues, as we are in the center of things, building the products and operating the platforms. However, security is increasingly becoming a shared responsibility – between security providers and customers, and only by working together can bold ideas be developed for overcoming the security challenges of tomorrow.
We began work on GDPR as soon as it was adopted by the European Union. We have over 300 full-time engineers focused on GDPR compliance and have adopted over 30 controls based on GDPR. Our preparations for GDPR touch every part of our company – from our senior leadership who drive our commitment all the way to individual engineers on our product teams who write code.
We have made significant investments in our products and services to help our customers with GDPR compliance within Azure, Office 365, Windows, EMS, SQL Database and Dynamics 365. We designed our cloud products with industry-leading privacy policies and security measures to safeguard customer data in the cloud, including the categories of personal data identified by GDPR.
We have always taken an ecosystem view of things. In our experience, sharing knowledge and best practices has inevitably proved the best path to progress. We have been helping customers be GDPR-ready in time by providing the best data governance, security, and privacy tools in the market. We are proud that many of the largest global companies are entrusting Microsoft to support them in GDPR compliance.
In fact, we were the first major cloud provider to offer the contractual commitments required by GDPR to its customers. Through our cloud services and on-premises solutions we are helping them locate and catalog the personal data in their systems, build more secure environments, simplify management and monitor personal data.
Yesterday, Julie Brill, Corporate Vice President and Deputy General Counsel for Privacy and Regulatory Affairs, published a bloghighlighting our commitment to GDPR compliance in our own offerings, as well as our commitment to extend key privacy rights in GDPR to customers outside of the EU. She also highlighted our focus to support our enterprise customers with their own GPDR compliance obligations.
As digitalization shapes the contours of our new economy, we will continue to shoulder our shared responsibility and empower entities that work with us to comply. Through transparency and accountability, we will also strive to preserve the trust our users and organizations have in us, and continue to empower them to achieve more.