GDPR provides people with the authority to manage personal data collected in an organization. Use these permissions through a data subject request (DSR). The organization must provide real-time information about DSR and data leakage, as well as the implementation of a data protection impact assessment (DPIA).
When implementing or evaluating GDPR requirements, several points should be considered:
The following tasks are related to achieving GDPR standards. Please follow the links in the list to get detailed information about the implementation.
Data Subject Request (DSR). The data subject makes a formal request to the controller to take action (change, restriction, access) of his personal data.
Leakage notice. Under the GDPR, personal data leakage is "a security breach that leads to accidental or illegal damage, loss, alteration, unauthorized disclosure or access to the transmitted, stored, or processed personal data."
Data protection impact assessment. The GDPR requires data controllers to prepare a Data Protection Impact Assessment (DPIA) for data operations that "may lead to high risks to the rights and freedom of natural persons".
As mentioned above, the GDPR’s recommended action plan and responsibility checklist provide guidelines for implementing or evaluating GDPR compliance when using Microsoft products and services.