“Helping partners build GDPR practices is critical. I have prioritized this as a key accountability for the One Commercial Partner teams so customers can progress more quickly on their journey toward [General Data Protection Regulation] compliance with the best levels of partner support.”
— Gavriella Schuster,
Corporate Vice President, One Commercial Partner
GDPR enforcement has begun. It’s an important milestone for our partners, who are out front and center with customers supporting their digital transformation.
Today (May 25), Alym Rayani, Director of Microsoft 365, will highlight our commitment to GDPR in a webcast titled Safeguarding individual privacy rights with the Microsoft cloud. Register here.
Partner offerings around GDPR typically pivot into 4 different areas:
1. Advisory services. GDPR compliance requires more than technology implementation. Customers also need legal advice and help with changing internal processes.
For example, Microsoft partner EY believes GDPR is an integrated exercise set within each firm’s privacy risk management framework. Their holistic approach supports compliance of the most visible obligations of the GDPR, including records of processing activities and data subject rights fulfillment. EY also sees GDPR as an opportunity for companies to address challenges broader than compliance, specifically data governance and user experience of privacy.
Not all partners provide advisory services, but these services are in high demand from customers to meet compliance. If you have clients that need consulting or legal help, and that’s not your company’s specialty, we recommend using partners with this expertise; the list below is a good starting point.
2. Discovery and assessment services. Many partners use education and gap analysis to drive awareness about the GDPR, especially with non-European customers. Our GDPR Foundations Training is available and an ideal way to introduce the basics with a 45-minute or half-day session. Assessment tools such as the Microsoft GDPR Detailed Assessment (available in five languages) identify gaps and create a multi-year plan to improve customer compliance.
Oxford Computer Group gives customers a service that evaluates their data security and privacy posture against industry standards for security governance and management. Their service provides ongoing improvement and visibility of customers’ posture with continual assessment, surfacing remediation recommendations, and the option of implementation and support services.
“We’re listening. The Microsoft 365 engineering team is regularly in touch with partners to get feedback so we can continue to provide the capabilities customers and partners are looking for.”
— Rudra Mitra, Partner Director of Program Management, Office 365
3. Deployment and implementation services. As part of their GDPR compliance journey, customers often need help identifying where data resides. They need to find data, optimize processes, and implement the right solutions to meet regulatory requirements.
Deployment and implementation partners use technology and expertise to make it real for customers. To support these partners, we have the Data Discovery Toolkit.
Lighthouse’s legal and technology experts work together to get their customers GDPR compliant. In addition to offering advisory services, they help customers implement Microsoft technologies with a roadmap based on recommended services, technology, and support. They also drive customers to adopt new processes and technologies.
4. GDPR managed services. While today (May 25) marks the date that GDPR takes effect, ensuring ongoing compliance will require continuous attention and action. In response, many partners have added managed services for GDPR and use Microsoft Compliance Manager and capabilities such as data subject requests to help customers.
Three Netherlands partners, Audittrail, Mavim and Motion10, used their unique skill sets to create a joint GDPR offering under the name of “5.25”. They believe the only sustainable solution to GDPR is taking an all-inclusive approach. Audittrail assesses, manages, and controls internal customer processes, Mavin translates that into architecture, and Motion10 configures customer IT systems to meet GDPR objectives and offers a future-proof solution to help customers stay compliant.
“GDPR is the most significant privacy law enacted in a generation. Microsoft is fully committed to GDPR and to helping enable solutions for our customers and partners in their GDPR compliance journey.”
— Julie Brill, Corporate Vice President and Deputy General Counsel
GDPR partner list
We’re always adding to our list of partners ready to help with GDPR compliance, and connecting partners without in-house compliance capabilities to those with complementary offerings. If you’d like to be included in this list, please contact your Partner Development Manager.
If you provide GDPR Advisory Services and want to partner with us, please drop us a line.
Natee Pretikul | Senior Partner Marketing Manager
Ankur Arora | Director, WW Partner Strategy: Security & Compliance
Microsoft Partners helping customers in their GDPR journey:
Learn more and leverage your Microsoft Partner Community in preparation for GDPR Compliance by clicking here.