How to manage personal data with GDPR Hub and Microsoft 365
In this, our second article on the four key areas of the GDPR Hub, we take a deep dive into managing personal data, an area that essentially deals with how personal data should be handled during requests for register extracts. The work is also strongly linked to how you should classify personal data and regulate how long it is stored. All these processes are very time-consuming if you handle them manually. Learn more about how the GDPR Hub helps you automate them!
Set rules for the storage of personal data
When storing data covered by the GDPR, it is important that you have clearly defined rules for how long it should be kept. The length of retention depends on the type of personal data involved. The GDPR Hub's compliance manager contains advisory material and concrete recommendations on how long personal data may be stored and provides practical suggestions on how to set up such rules for your particular environment in Microsoft's cloud services.
The hub will help you to pre-set the storage or deletion of data based on whether it is direct, indirect or sensitive personal data, for example through different types of form templates. For each classification of personal data, you set specific rules that you also document in the hub. For example, when staff create Word documents, they can set a classification on the document that indicates whether it contains personal data and, if so, what type, whereupon various automated flows determine how the document is stored.
Another important part of managing personal data is maintaining consent records - documenting and storing all the consents to the processing of personal data that your company has received. For this purpose, the hub provides a consent library where you collect consents in an easy-to-read register.
The hub itself does not perform these tasks, but it provides you with tools for documentation and guidance with concrete suggestions on what to do to comply with the GDPR. The work thus becomes an interaction between you, the hub and your environment.
Request for an extract from a personal data file
To handle all possible requests for extracts of personal data, you can use the guidelines and applications in the GDPR Hub to automate flows for different events. This is to streamline the work as much as possible. Companies that receive many requests will otherwise have to spend endless time and resources on handling the requests. Therefore, the GDPR Hub provides specific flow templates that describe how you can automate different steps in the process of handling requests.
Being able to use Mobile BankID to verify the identity of the person making a request is a key part of the efficiency improvement, but also of managing personal data with built-in security (privacy by design). Being able to verify the identity of the person making a request is partly a way to protect the business from handling illegitimate requests, so that unnecessary time and resources are not spent on them. It also protects the individual requesting data, because you know that the personal data will not end up in the wrong hands.
A framework of knowledge and functions
With a framework of tools and support materials that we at WeSafe have developed for Microsoft's cloud services, it is easier to maintain an effective way of working in your continued and ongoing pursuit of GDPR compliance. The functionality we suggest is not something that the "regular" Office 365 user would otherwise benefit from. It simply requires too much time to find the features and learn them on your own. With the hub, you don't have to reinvent the wheel because we have already done the groundwork to understand, interpret and write the solutions. You simply get the functions and descriptions of how to use them "served" through the hub. All you have to do is apply them to your business.
Would you like more information on how we can help you in your continued GDPR work? Feel free to read previous texts in our blog. Or contact us directly!