Is Azure GDPR compliant?
Following our recent article on high availability and the uptime benefits of Microsoft Azure, the platform that hosts all UpriseVSI web developments and bespoke web applications, we take a look at how compliant the platform is going to be following the implementation of GDPR later in 2018.
What is Azure?
Microsoft Azure has been around for almost a decade now and is a mature, well-established cloud-based platform.
Designed to allow businesses to deploy their software applications and services, it’s available in 22 regions around the world, providing everything from data storage to complex security.
What is GDPR?
By now, most of us are aware of the impending General Data Protection Regulation (GDPR) deadline, and the important benefits it will bring to individual data privacy.
The new European Union (EU) data protection law will replace the old Data Protection Directive, which has been in effect since 1995.
The deadline is the 25th of May, 2018. So if you haven’t already done so, act now!
As a quick reminder, here are a few important things you need to know:
- Email contacts must be double opt-in
- You must have records of consent, so make sure your contact database has an audit
- It applies to new and existing data, so consider how you get acceptance from your old contacts.
- Data processing reports are required for all processing activities.
- Breaches must be disclosed within 72 hours, with those affected notified so they can take action.
Azure GDPR compliance
Microsoft was quick to provide tools and support for GDPR and there’s plenty of information on their website, as well as via third-party resources about how to achieve compliance.
We have already engaged with and completed the necessary changes in order for our hosting platform to deliver a GDPR environment for your website or application.
All information stored on Data Subjects needs to be encrypted.
There are a number of tools in Azure to comply with this requirement and at UpriseVSI, we ensure that both the storage and access to your customer contact details is encrypted as standard.
Azure standards and certification
The Microsoft Azure Cloud has a wide range of certifications and accreditations and meets with recognised standards.
Most people will be familiar with ISO 27001 which is the specification for information security management systems.
Combined with the highest level of Payment Card Industry PCI certification, Azure makes for an ideal platform for both security and privacy.
Personal data and international jurisdiction
The GDPR dictates that if data is to be transferred outside the EU then certain requirements must be met.
Microsoft Azure has data centres around the world grouped into regions so retaining data within the jurisdiction of the European Union is easily managed.
Every business needs to ensure that it is taking its own diligent measures when it comes to their GDPR compliance.
The deadline will be upon us soon and it’s imperative that everyone meets their requirements ahead of time.
The Microsoft Azure platform that we use at UpriseVSI can play a significant role in ensuring that you are meeting the required level of data security on your websites and applications.
If you’d like to learn more, then please get in touch with our technical specialists today.
Posted by Mark Thomas on
7 February 2018 at 12:00 AM