How to manage personal data with the GDPR Hub and Microsoft 365

In this, our second article on the four key areas of the GDPR Hub, we take a deep dive into the business of managing personal data. An area that essentially deals with how personal data should be handled in requests for records. The work is also strongly linked to how you should classify personal data and regulate how long it is kept. All these processes are very time-consuming if you handle them manually. Learn more about how the GDPR Hub can help you automate them!

Set rules for how personal data is stored

When storing data covered by the GDPR, it is important that you have clearly pre-defined rules on how long it should be stored. How long it can be stored is in turn related to the type of personal data involved. The GDPR Hub's compliance manager provides advisory material and concrete recommendations on how long personal data can be stored, and gives practical suggestions on how to set such rules for your particular environment in Microsoft Cloud Services.

The hub helps you set up data storage or deletion in advance, based on whether it is direct, indirect or sensitive personal data - through different types of form templates, for example. For each classification of personal data, you set specific rules that you also document in the hub. For example, when staff create Word documents, they can set a classification for the document that indicates whether it contains personal data and, if so, what type; then various automated flows determine how the document is stored.

Another important part of managing personal data is maintaining consent records - documenting and storing all the consents to the processing of personal data that your company has received. For this purpose, the hub provides a consent library where you can collect consents in an easy-to-read register.

The Hub itself does not perform these tasks, but it provides you with documentation tools and guidance with concrete suggestions on what to do to comply with the GDPR. In this way, the work becomes an interaction between you, the hub and your environment.

Request for extraction of personal data

To manage any requests for personal data records, you can automate the flow of events using the guidelines and applications in the GDPR Hub. This is to make the work as efficient as possible. Otherwise, companies that receive many requests will have to spend endless time and resources on handling the requests. Therefore, specific flow templates are available in the GDPR Hub that describe how you can automate different events in the process of handling requests.

Being able to verify the identity of the person making a request using Mobile BankID is a key part of streamlining, but also in terms of personal data management with built-in security (privacy by designBeing able to verify the identity of the person making a request is a way of protecting the business from unnecessary handling of illegitimate requests so that unnecessary time and resources are not spent on this. It also protects the individual requesting the data, as it ensures that the personal data does not fall into the wrong hands.

A framework of knowledge and functions

With a framework of tools and support materials that we at WeSafe have developed for Microsoft Cloud Services, it's easier to maintain an effective approach in your ongoing and continuous pursuit of GDPR compliance. The functionality we suggest is not something that the "regular" Office 365 user would otherwise benefit from. It simply requires too much time to find the features and learn them on your own. Through the hub, you don't have to reinvent the wheel because we've already done the groundwork to understand, interpret and write the solutions. You simply get the functions and descriptions of how to use them "served" through the hub. All you have to do is apply them to your business.

Would you like more information on how we can help you in your ongoing GDPR work? Please read our previous blog posts. Or contact us directly!

Inspiration and knowledge straight to your inbox

Sign up for our monthly inspirational newsletter that provides tips, insights and advice on new ways of working, processes and security related to Microsoft 365, Azure and various tools in the Microsoft cloud platform.

Free Security Analysis of your Microsoft 365 environment

Free safety analysis

Get concrete and actionable tips on how to better protect your organisation

Read more and book

Are you interested in other blog articles about Security?

Want to know how we can help your business with Security and Compliance? Get in touch and we'll tell you more!