GDPR Affect Microsoft and Customers

Effective May 25, 2018, the General Data Protection Regulations (GDPR) protect European Union (E.U.) citizens’ personal data. The GDPR broaden the definition of personal data and associated privacy rights, including a right to be forgotten and to correct or delete incorrect data. All organizations that control or process E.U. citizens’ personal data must comply with the GDPR. Therefore, many organizations using Microsoft products or hosted services, such as Office 365, to process (for example, store, modify, analyze, display, and report) such personal data have a joint responsibility with Microsoft to comply with the new regulations or face substantial liability.

The GDPR

The GDPR (E.U. Regulation 2016/679) update and modernize the data privacy principles of the existing Data Protection Directive (95/46/EC) to strengthen the rights of E.U. citizens to control their personal data. If an organization employs E.U. citizens, offers goods or services to people of the E.U., or collects and analyzes data about E.U. citizens, they have obligations under the GDPR. Organizations that are currently complying with existing E.U. regulations through Model Clauses or safe harbors will likely need to take additional steps to comply with the updated regulations.