Online Service Terms Address GDPR

The Sept. 2017 update to the Online Services Terms (OST), which cover Microsoft hosted services such as Azure and Office 365, includes updates to reflect new requirements to comply with the European Union (EU) General Data Protection Regulations (GDPR). Organizations that collect or process the personal data of EU citizens using Microsoft’s hosted services need to comply with these regulations by May 2018 or face significant penalties. Although Microsoft is taking steps to ensure its services can be used within the requirements of the GDPR, the ultimate responsibility for compliance with the GDPR likely lies with the organizations using the services.

Changes to the OST

In Feb. 2017, Microsoft announced its hosted services would comply with the GDPR. The GDPR includes approximately 160 requirements for how organizations collect, store, and process personal information. For example, in the event of a breach that results in the loss of control over collected personal data, the breached organization has only 72 hours to notify all impacted parties, including government regulators and affected individuals.