What is GDPR?

In 2018, the General Data Protection Regulation (GDPR) came into force. This regulation affects all companies that deal with personal data within the European Union.

In this respect, the GDPR aims to strengthen the rights of data subjects. In other words, it gives consumers effective control over the personal data they provide to a company at a certain point in time.

In this context, a data breach is defined as "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal information transmitted, stored or processed".


Penalties for non-compliance

Microsoft Azure | GDPR

One of the requirements of GDPR is the ability to identify data and control who has access to it. In this regard, Microsoft Azure enables the management of user identities and credentials and access control through:

In addition, GDPR requires the protection of data contained in systems, reporting and compliance monitoring.

For example, it provides visibility and controls in relation to cloud security. It does this by monitoring resources, providing security recommendations and assisting in threat detection and deterrence.

Both data at rest and data in transit are protected. That is, data protection while being transferred from an application to the Azure environment.

It protects cryptographic keys, certificates and passwords. It also includes the guarantee that Microsoft cannot see or extract the keys. Azure logs allow you to monitor and audit the use of stored keys.

That is, configurable audit options and security logs. In addition, Log Analytics is able to collect and analyse data generated by local or cloud resources.

It locates leaks and is able to identify attackers. It achieves this through behavioural analysis and anomaly detection technologies.

Office 365 | GDPR

To ensure identification and management of access to personal data, Office 365 provides:

On the protection of personal data against security threats:

Able to detect advanced threats and provide proactive protection.

Identifies abnormal and high-risk uses.

Responsible for monitoring and tracking the activities of administrators and users.

Microsoft Dynamics 365 | GDPR

Microsoft Dynamics 365 allows you to manage and monitor access to data in the following ways:

With regard to the protection of personal data, Microsoft Dynamics 365 uses:

Important when integrating safety requirements at every step of the process.

Both in transit between user devices and data centres, and at rest in databases.


Already in its design, Microsoft incorporated industry-leading security features. Therefore, the transition to the new European legal framework is not as complicated as it could be.

In this regard, it has capabilities that enable it to ensure the integrity of personal data.

It can also manage what data is held, where it resides and can control how it is used and accessed by users. It is also able to establish effective security controls to prevent and detect vulnerabilities and incidents.


In order to control access to the database and the administration of the use of the data, there are safeguards that allow authorisations at different levels:

For the protection of data against security threats, SQL Server and SQL Database are equipped with:


Security has been a priority in the design of Windows 10 and Windows Server 2016. In this sense, they comply with the requirements of the new GDPR regulation through:

Do you want an appointment with a consultant?

Contact us with no obligation and we will advise you. Start the digital transformation of your company!

Schedule a call

Talk to a specialist who will advise you on the best Microsoft solutions for your business.

or call now

Opening hours
Monday to Friday from 9:00 to 18:00