Geographic data residency in Copilot Studio
Geographic data residency refers to the policies and practices that govern where data is stored, processed, and managed geographically. This concept is crucial for organizations that need to comply with various regulatory requirements, ensure data sovereignty, and optimize data access and performance.
Microsoft Copilot Studio addresses the needs of geographic data residency by ensuring that data is stored and processed in compliance with regional regulations and organizational policies.
This involves focusing on key aspects such as security, privacy, the General Data Protection Regulation (GDPR), data location, and compliance. By adhering to these principles, Copilot Studio helps organizations manage their data effectively across different regions, ensuring that they meet regulatory requirements and maintain data sovereignty.
This approach not only optimizes data access and performance but also provides a robust framework for data management in a globally distributed environment.
Security
Security is paramount when dealing with geographic data residency. Copilot Studio employs robust security measures to protect data at rest and in transit. Data is encrypted using industry-standard protocols, ensuring that unauthorized access is prevented. Additionally, Microsoft continuously monitors and updates its security infrastructure to defend against emerging threats.
Learn more about security and geographic data residency in Copilot Studio.
Privacy
Privacy is a cornerstone of data handling practices in Copilot Studio. The platform adheres to strict privacy policies to ensure that user data is not only protected but also used responsibly. Microsoft Copilot Studio provides transparency about data collection, usage, and storage, allowing users to make informed decisions about their data.
Learn more about privacy in Copilot Studio.
General Data Protection Regulation (GDPR)
The GDPR imposes stringent requirements on how personal data is handled. Microsoft Copilot Studio is designed to comply with GDPR by ensuring that data is stored within the designated geographic boundaries and that data subjects’ rights are respected. This includes the ability to handle Data Subject Requests (DSRs) and perform Data Protection Impact Assessments (DPIAs).
Learn more about GDPR in Copilot Studio.
Data locations
Microsoft Copilot Studio allows organizations to choose where their data is stored, providing flexibility to meet regional data residency requirements. Data can be stored in various Azure datacenters across the globe, ensuring that it remains within the specified geographic boundaries. This capability is crucial for organizations with specific data localization needs.
Learn more about Data Locations in Copilot Studio.
Compliance
Compliance with regional and international regulations is a key focus for Copilot Studio. The platform supports compliance with various data protection laws, including GDPR, CCPA, and others. By providing tools and features that facilitate compliance, Microsoft Copilot Studio helps organizations mitigate legal risks and maintain trust with their users.
Learn more about Compliance in Copilot Studio.
Data Flows Using Connectors
Copilot Studio and Power Platform utilize connectors to facilitate seamless data flows between various systems and services. These connectors act as proxies or "wrappers" around APIs, enabling communication between Microsoft services (like SharePoint, Dataverse, and Microsoft Graph) and external systems (such as Salesforce and other third-party APIs).
Data that is transmitted as part of a connector for a Microsoft service follows this process:
Initiation: A user action or an automated trigger initiates the data flow.
Connector invocation: The appropriate connector is invoked to handle the data transfer. For example, an agent can invoke a Power Automate flow to use the SharePoint connector to move data from a form submission to a SharePoint list.
Data transfer: Data is securely transferred between systems. Connectors ensure that data is encrypted during transit and adhere to the security protocols of both the source and destination systems.
Processing and storage: Once the data reaches its destination within the Microsoft cloud, it is processed and stored according to the predefined rules and configurations. For instance, data sent to Dataverse can be used to trigger further workflows or analytics.
Compliance and monitoring: Throughout the data flow, compliance with regional regulations and organizational policies is maintained. Microsoft provides tools to monitor and audit these data flows, ensuring transparency and accountability.
When using connectors to send and retrieve data from external systems (example Salesforce), the responsibility to maintain the measures described in this article depends on whether the connection is to Microsoft services or external services:
For connectors that send and retrieve data from external, non-Microsoft systems (such as Salesforce), the responsibility belongs to the agent maker.
For connectors communicating inside the Microsoft cloud, these responsibilities are handled by Microsoft.
For more information on using connectors in Copilot Studio and Power Platform, see the Use Power Platform connectors in Copilot Studio article.