Written by: Richard Jefferies
Insurance Sector Client Manager
11 May 2017
Microsoft and Northdoor Financial Services Round Table, held on 4 May at the Royal Exchange.
Part of our regular series of round tables for the insurance and financial services industry, this session explored how organisations can exploit, and add to, their existing investment in Microsoft as a platform to accelerate their GDPR compliance efforts.
1. Insurers and financial services organisations are data rich, and data regulators have previously issued their largest fines to companies in these sectors.
2. Typically, legal teams have been leading GDPR programmes, but engaging heavily with IT and compliance. Some companies are dedicating teams to GDPR compliance but call on third parties for support.
3. Even with Brexit, organisations still have to comply: the UK will still be in the EU when GDPR comes into force in May 2018, and the current UK data protection rules are likely to be replaced by GDPR-equivalent legislation post-Brexit.
4. Breach notification does not apply only to incidents like a cyber-attack. A lost laptop, or an email mistakenly sent to a group that exposes the addresses of everyone in it (for example by using Cc rather than Bcc), is also a personal data breach. Under GDPR, a notifiable breach must be reported to the supervisory authority (the ICO in the UK) without undue delay and, where feasible, within 72 hours of the organisation becoming aware of it, so incident response processes need to cover accidental loss and disclosure as well as attacks.
5. Worst case, you need to be able to show the ICO that you have activities underway to meet the GDPR requirements, even if you are not fully compliant by May 2018.
6. Microsoft has committed to having all of its cloud services GDPR compliant by May 2018; this will help customer organisations to demonstrate compliance activities to the ICO. Note that this covers Microsoft's role as a processor: the customer remains responsible, as data controller, for how personal data is used on the platform.
7. There is no "out of the box" Microsoft compliance solution, but various products in the portfolio (on-premises and cloud) support compliance activities.
8. Microsoft breaks down the key GDPR focus areas, with example solutions, as:
Discover: e.g. Azure Data Catalog, Office 365 eDiscovery
Manage: e.g. Active Directory, Data Classification Toolkit
Protect: e.g. Azure Key Vault, Threat Protection & Threat Intelligence
Report: e.g. Service Trust Portal, Azure Auditing & Logging
9. Hot topics Microsoft is seeing: classification and discovery of data. An example Microsoft cited from an insurer: the cost of facilitating the right to be forgotten (the GDPR right to erasure) would be huge, so the insurer is moving data into Office 365 so that it can be searched and deleted from one place.
10. A figure quoted at the round table: 85% of breaches stem from compromised access credentials, usually starting with a phishing attack. Microsoft's threat protection services can monitor and filter traffic to help prevent phishing attacks. Filtering reduces the volume of phishing that reaches users; because the damage comes from a stolen credential being reused, multi-factor authentication on those accounts is the complementary control.
To find out more about General Data Protection Regulation (GDPR) please visit our dedicated page here.