As I write this, we’re three months into GDPR and we have yet to see any huge fines or investigations. There was such a buzz in the lead-up that the aftermath seems somewhat of an anti-climax so far. Companies spent months documenting their data and processes in preparation for GDPR, but the focus has now switched to maintaining, rather than achieving, compliance.
Thankfully, there are products out there to help. Microsoft’s Azure Information Protection (AIP) helps in three main ways: encryption, allowing and rescinding access to documents, and classification and labelling.
Encryption with AIP
Encryption is a key way to prevent data exposure. The GDPR states that a data breach does not need to be reported to the affected individuals if the data controller had applied appropriate protective measures, such as encryption, to the data concerned. This is because encrypted information is unreadable without the encryption key, so a leak of encrypted data exposes nothing readable, provided the key itself has not also been compromised.
Office Message Encryption (OME), which is part of AIP, lets you encrypt your emails so that the information in them cannot be exposed. Users can encrypt documents and emails manually, or administrators can apply a policy so that emails to and from specific individuals, or all emails, are encrypted. OME provides a much-needed additional layer of security for email, helping to keep your data and your customers’ data confidential.
Allowing and rescinding access to documents
AIP lets you set limits on what recipients can do: you can allow or deny viewing, printing, copying, and forwarding of both emails and SharePoint documents. Access to a document can also be rescinded after it has been granted, either manually or automatically by setting an expiry time after which the document is no longer available. This has long-term benefits, as recipients cannot access your confidential information once the engagement is over.
Classification and labelling
Classification and labelling lets you choose who can see documents and folders, and assign levels of confidentiality and importance. If a user applies an AIP policy to a document that allows the recipient only to view it, the protected content cannot, for example, be copied, forwarded, or screen-grabbed, which keeps the information secure: confidential information cannot be shared or stored by recipients.
In terms of GDPR, this means your business information is kept secure and your customer information cannot be passed on or stored. If you were to send customer information to the wrong email address, for example, then with AIP applied the information would be encrypted and could not be accessed by the unintended recipient, so you would not be in breach of GDPR.