Comply with the General Data Protection Regulation (GDPR)

Introduction

The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or those that collect and analyze data tied to EU residents, regardless of where they are located.

Fundamentally, the GDPR is about protecting and enabling the privacy rights of individuals. The GDPR establishes strict privacy requirements that govern how you manage and protect personal data while respecting individual choice—regardless of where data is sent, processed, or stored.

Shared responsibility model

Your compliance with the GDPR is an ongoing process and involves your role as a controller and, in some cases, Microsoft as a processor. Depending on which model-driven app your organization uses, you may find that you are both controller and processor or that you have a shared responsibility with Microsoft.

The Unified Service Desk client application runs on-premises, so you hold both the controller and processor roles:

  • Controller. The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Within the context of the GDPR, a controller doesn't have to be located within the EU for the GDPR to apply.

  • Processor. The natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

Data definitions

The GDPR considers personal data to be any information related to an identified or identifiable natural person. That can include both direct identification (such as your legal name) and indirect identification (such as specific information that makes it clear that it's you the data references). The GDPR makes clear that the concept of personal data includes online identifiers (such as IP addresses and mobile device IDs) and location data.

Stages of GDPR

The four stages of GDPR are Discover, Manage, Protect, and Report.

| Stages of GDPR | Description |
| --- | --- |
| Discover | Identify what data under your control is subject to the GDPR. This analysis includes understanding what data you have and where it exists. |
| Manage | The GDPR provides more control over your data. The GDPR lets you manage access and control how data is used and accessed. |
| Protect | The GDPR requires you to establish security controls to prevent, detect, and respond to vulnerabilities and data breaches. |
| Report | The GDPR sets new standards in transparency, accountability, execution, data requests, and reporting of data breaches. |

See also

Unified Service Desk data compliance under GDPR