Microsoft Cloud Agreement and DSGVO: What You Need to Know

The General Data Protection Regulation (GDPR) is the European Union’s new data protection law that came into effect on May 25, 2018. The GDPR aims to give EU citizens more control over their personal data and to harmonize data protection laws across all EU member states.

If you are a business that processes the personal data of EU citizens, you need to comply with the GDPR. This includes using cloud service providers like Microsoft Azure, Office 365, and Dynamics 365. In this article, we’ll discuss how Microsoft’s cloud agreement complies with the GDPR, also known as the DSGVO in German.

What is the Microsoft Cloud Agreement?

The Microsoft Cloud Agreement is the baseline agreement that governs the use of Microsoft’s cloud services, including Azure, Office 365, and Dynamics 365. The agreement contains the terms and conditions that you must comply with to use Microsoft’s cloud services.

Does the Microsoft Cloud Agreement Comply with the GDPR?

Yes, Microsoft’s cloud agreement is compliant with the GDPR. The terms and conditions of the agreement include provisions that are required by the GDPR, such as data processing agreements, security measures, and breach notification requirements.

Data Processing Agreements

Under the GDPR, you must have a data processing agreement (DPA) in place with any third-party service provider that processes personal data on your behalf. Microsoft has a pre-built DPA that meets the GDPR’s requirements and is available to its customers. The DPA sets out the terms and conditions under which Microsoft will process personal data on your behalf.

Security Measures

The GDPR requires companies to implement appropriate technical and organizational measures to ensure the security of personal data. Microsoft’s cloud services include a range of security features, such as encryption, access controls, and threat detection. Microsoft also conducts regular security audits and risk assessments to ensure that its cloud services remain secure.

Breach Notification Requirements

Under the GDPR, companies must notify relevant authorities and data subjects of any data breaches within 72 hours of becoming aware of the breach. Microsoft’s cloud agreement includes a breach notification clause that requires Microsoft to notify you without undue delay in the event of a data breach.

Conclusion

If you are a business that processes personal data of EU citizens using Microsoft’s cloud services, you need to ensure that you are compliant with the GDPR. Microsoft’s cloud agreement includes the necessary provisions to comply with the GDPR, such as data processing agreements, security measures, and breach notification requirements. By using Microsoft’s cloud services and complying with the GDPR, you can ensure that you are protecting the personal data of EU citizens.