Some Things Don’t Change: Office 365 As a Solid Foundation for GDPR Compliance

Back to Blog

Imagine, for a moment, that we’re back in the year 1995. Microsoft releases Windows 95 and changes the game with the “desktop”. Netscape Navigator and America Online (AOL) allow millions to access the World Wide Web for the first time. And though the European Union releases their Data Protection Directive, the prevailing wisdom is that the internet has just entered us into a world of instant information.  Everyone is granted freedom to the information they want, and it never goes away…  just like a real-time updated Compton’s Encyclopedia of information on any business, person or thing that ever existed.

Now, let’s flash forward to November 2017, just 6 months from when the EU’s General Data Protection Regulation (GDPR) goes into effect, and we see that things have changed significantly. The GDPR gives European individuals ownership of their personal data,  which includes data in their work emails or on internet sites,  and the GDPR carries significant reporting requirements which must detail where and how personal data is being used, processed and stored.  Moreover, individuals also have the “right to be forgotten”, providing them with a process that can permanently delete their personal data.

In just 22 years, the GDPR represents a significant shift in how we view information, particularly personal data, on the internet. Yet interestingly, some things don’t change. Once again, more and more corporations flock to Microsoft. This time, however, it’s not an operating system changing the game, but something else entirely:  Office 365: The single source of truth.  The one stop shop for all corporate information.  The holy grail of eDiscovery search and review.   From the perspective of a CIO, not only does one have all the security and governance around the Office 365 platform, but Microsoft has also provided the basic framework for ensuring GDPR Compliance ahead of the deadline of May 2018.

There are several key reasons why corporations should seriously consider Office 365 for GDPR:

  • Data Governance – the O365 platform can provide governance and security around data.
  • Data Remediation –When and how records are deleted is easily controlled in O365
  • Records of Processing Activities – O365 can report on how data is processed
  • Search Locations – Search all data locations and append or delete records as required.
  • Reporting – O365 builds a solid framework for reporting and Dashboards are required to show where and how information is being used

Not only does Office 365 provide a low-cost and high-value platform for corporations migrating to the cloud, it’s also a solid foundation required for GDPR compliance.  Given that most companies are only now planning how they will meet this deadline, why not think like it’s 1995? Stick with Microsoft, be the hero, and save your company the huge penalties that failure to comply with the GDPR will bring. After all some things don’t change.

Written by Chris Hurlebaus, Director, Client Engagement, eTERA Consulting.  Chris can be reached at

Share This:

Back to Blog

Leave a Reply

Your email address will not be published. Required fields are marked *