Cybersecurity
Microsoft's response to GDPR and data handling
February 15, 2021
Question
Most large U.S. corporations that do business globally adhere to the GDPR regulations. Look at one of the rights granted by GDPR in the context of prior data handling practices of your client. How have those practices changed?
Answer
Since GDPR went into effect, Microsoft extended those rights to customers globally. In compliance with good GDPR practices, they have ensured “GDPR compliance is deeply ingrained in the culture at Microsoft” and are actively monitoring and evaluating their compliance to ensure it lives up to the current standards and interpretations of the law. As a business-to-business company, Microsoft has also taken an initiative to ensure their customers also meet GDPR requirements.
To adopt GDPR practices worldwide, Microsoft has created internal rules called the Data Subject Rights which “include the right to know what data we collect about [customers], to correct that data, to delete it and even to take it somewhere else.” 1 Their key change post-GDPR is they have enacted a Privacy Dashboard so customers can easily do this.
Through the Privacy Dashboard, customers can adjust privacy settings. This includes managing browsing data collected by Cortana and Microsoft Edge and clearing Bing’s search history. The Privacy Dashboard extends to all services and products Microsoft provides. This product gives customers control over their personal data which is at the heart of GDPR compliance.2
Ultimately, Microsoft has made a commitment to customer’s data privacy worldwide. Through their new tool, the Privacy Dashboard, all customers can control, change, and delete the personal data Microsoft collects.
This article is part of my Information Assurance and Cybersecurity Series. Learn more here.
Sources
1 Brill, J. (2018, June 7). Microsoft’s commitment to GDPR, privacy and putting customers in control of their own data. Microsoft On the Issues. https://blogs.microsoft.com/on-the-issues/2018/05/21/microsofts-commitment-to-gdpr-privacy-and-putting-customers-in-control-of-their-own-data/#:%7E:text=That’s%20why%20today%20we%20are,to%20take%20it%20somewhere%20else.
2 Microsoft. (n.d.). Microsoft Account Privacy Settings. https://account.microsoft.com/account/privacy?refd=blogs.microsoft.com&ru=https%3A%2F%2Faccount.microsoft.com%2Fprivacy%3Frefd%3Dblogs.microsoft.com&destrt=privacy-dashboard