General Data Protection Regulation

The newly passed General Data Protection Regulation(GDPR) is giving all organizations a big task. The new GDPR is now discussed by many law firms and senior consultants in events such as breakfast meetings and at conferences. All of them say they have the checklist for the organizations how to adopt. They don´t have all the answers and neither do I, we all have to work together.

The fact is that every organization active with services to EU users have to comply. Even those who do not have an office in EU and are serving users in EU. The clock is ticking fast to do the work, by 25th of May 2018 you have to be ready.

I have been in the ICT industry for over 30 years and have memories of the Y2K. In the beginning many did not write software that included more than 2 numbers for a year. In the end of the -90´s the work with Y2K was affecting everyone. I worked at that time for a vendor by the name of Madge Networks, we had to test even our drivers for the network adapters for Y2K.

The work that all organizations now have to do with GDPR is even bigger than Y2K. It is not just about a checklist and paperwork to comply with GDPR. The work includes using security features, I will show in this post that there are features already available in Office 365.

This post will not be about what the GDPR is about and all the documents you have to read. I will show you some features you can use to comply with GDPR in a technical way.

In simple terms you have to be sure that data that involves data about identifiable persons leak. If they do the company has 72 hours to report to the authority in your country.

The features that are already present in Office 365 are many, one of them is the Exchange transport rules. Microsoft has added some templates you can use to either block emails containing personal data from being sent outside of the organization. The exchange transport rules is much about logic, so any developer or IT pro with skills of thinking logical are capable of writing rules.

For the end user it can look like in the picture below. I was trying to send an email from our test Office 365 tenant to our company mail-address. In this case the email was blocked as it contained a Swedish national ID in the text.

In this case it was just one national id, you can setup rules that stop if you send more than one national id. The action can also be other options such as forwarding the message for approval. The number of options are many and I advise you to try them out in your test tenant. I hope you do have one and don´t make the mistake I did. I first applied this to our production tenant and blocked an email for a colleague of mine. The options of actions is in the picture below.

My advice is to connect with someone who is not only comfortable with reading the GDPR from a legal point. They need to be understanding technology as well, and work together with them for the organisation. The standard answer on the question of what to do from law firm can otherwise be “it depends”.

Ove has been working for 30+ years at various positions in the ICT business in the Nordic region. His desire is to become a digital nomad working with cloud services. His team at NetIntegrate have put a packaged Cloud offer spiced with own development that they market on Ove is deeply committed to sharing knowledge in working digitally.

Check out the GDPR Resource Centre for an array of helpful content.

Share this on...

Rate this Post: