GDPR for Techies

Submitted by Jason Ford on Thu, 18/1/2018 - 14:02


Over the last 6 months, as I’ve been delivering various technical courses, one question keeps being thrown at me:

“How could this help with GDPR?”

What I am interested in talking about here is how some of the built-in tools (read: things you’re already paying for) in many enterprise applications can be used to audit and control your data to help with GDPR Compliance.

Some examples of these are:

GDPR and Microsoft Exchange

GDPR is fundamentally all about managing personal information. Personal information can be abundant in emails, especially conversationally, where it can seem more difficult to manage. Luckily, if you are using Exchange 2016 on premises or Exchange Online as part of Office 365, there is a very handy tool that can be used to easily identify email that contains PII (personally identifiable information).

While we can of course educate our users and ask them to flag emails containing this data using labels in Outlook, it’s always good to automate and centrally control these processes where possible. This is great for enacting GDPR policies where PII must explicitly be controlled.

This is also where DLP (Data Loss Prevention) comes in. If you have had to administer Exchange in the past, you are likely familiar with transport rules, which act on email as it flows around your organisation. DLP is an extension of this functionality that doesn’t take too long to set up. Using DLP we can configure policies to identify emails containing certain types of data and then decide what happens to that data with regard to storage, and indeed whether it is even allowed to be sent. There are also settings that can alert users when they send emails containing such information, to make them aware of your organisation’s policy.
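To make that concrete, here is an added example (not part of the original article) of a DLP policy with one transport rule, as you would type it into the Exchange Management Shell on Exchange 2016. The policy name, rule name, rejection text and choice of sensitive information types are assumptions for illustration; check the type names against what `Get-DataClassification` returns in your own environment.

```powershell
# Added example: names and message text below are placeholders.

# 1. List the sensitive information types Exchange can detect, so the
#    names used in the rule match what is installed.
Get-DataClassification | Sort-Object Name | Format-Table Name, Publisher

# 2. Create a custom DLP policy in test mode. AuditAndNotify logs matches
#    and shows Policy Tips, but does not block any mail yet.
#    (Get-DlpPolicyTemplate lists built-in templates for use with -Template.)
$policyName = 'GDPR - Personal Data (example)'
New-DlpPolicy -Name $policyName -Mode AuditAndNotify -State Enabled

# 3. Add a transport rule to the policy: mail leaving the organisation
#    that contains at least one match of either data type is flagged.
$rule = @{
    Name                               = 'GDPR - personal data sent externally (example)'
    DlpPolicy                          = $policyName
    Mode                               = 'AuditAndNotify'
    SentToScope                        = 'NotInOrganization'
    MessageContainsDataClassifications = @(
        @{ Name = 'U.K. National Insurance Number (NINO)'; minCount = '1' },
        @{ Name = 'Credit Card Number'; minCount = '1' }
    )
    # Once enforced: block the message unless the sender overrides
    # and gives a business justification.
    NotifySender                       = 'RejectUnlessExplicitOverride'
    RejectMessageReasonText            = 'This message appears to contain personal data. See the data protection policy.'
    SetAuditSeverity                   = 'High'
}
New-TransportRule @rule

# 4. Review the rules attached to the policy.
Get-TransportRule -DlpPolicy $policyName | Format-Table Name, Mode, State

# 5. After reviewing the audit results, switch policy and rule to Enforce:
# Set-DlpPolicy -Identity $policyName -Mode Enforce
# Set-TransportRule -Identity $rule.Name -Mode Enforce
```

Running in AuditAndNotify first lets you check for false positives in message tracking before any mail is actually blocked.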

When users leave your organisation, either permanently or temporarily, Exchange also contains features to deal with their mailbox: either putting it into litigation hold to prevent deletion of its contents, or making it available for another member of staff to access.

GDPR and SharePoint

SharePoint is an excellent platform for business automation and document management. One of the great things about storing your documents in SharePoint is the ability to identify and control the lifecycle of documents based on their type. This is great for those implementing GDPR policies, which are likely to cover document retention and deletion.

Configuration of retention policies for specific content types is simple and can be deployed easily across site collections from a centralised point. Documents that have been completed and contain sensitive or personal information can be sent to record centres allowing those responsible for GDPR compliance to retain or delete documents according to a review schedule.

GDPR and Active Directory

Active Directory can help with GDPR too. GDPR is affecting the extent to which companies must be able to audit everything from object modifications, logons and logoffs to user access and group policy. Reporting tools in Active Directory will most likely play a strong part in demonstrating that your organisation is meeting the requirements.

And more…

These tools, as well as many others, can help to show how your organisation is working to identify and control sensitive and personal information in digital formats, as well as making it easy to destroy or present data when necessary.

If you would like to learn more about how these and other applications can help you to implement GDPR policies across Active Directory, SharePoint, Exchange, File Storage and more, then have a look at our GDPR Technical Tools course or give our Sales team a call.