Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prepare for the GDPR and data privacy compliance with Windows 10

Published byAnnabella Hill Modified over 6 years ago

Similar presentations

Presentation on theme: "Prepare for the GDPR and data privacy compliance with Windows 10"— Presentation transcript:

1 Prepare for the GDPR and data privacy compliance with Windows 10
6/8/2018 4:19 PM Prepare for the GDPR and data privacy compliance with Windows 10 Milad Aslaner Senior Product Manager Cybersecurity First 15 tweets with a selfie picture in this room (from where you are , no need to stand up  ) participate in raffle. Use #MSIgnite + #BRK2427 @MiladMSFT © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 6/8/2018 4:19 PM Agenda 2 General Data Protection Regulation 4 Windows 10 Privacy 5 Supporting your GDPR journey with Windows 10 3 Microsoft Threat Intelligence 1 Data Protection [ In just under a year the new General Data Protection Regulation (GDPR) will take effect. It will have an impact on twenty-eight million companies on how they store, process, and track personal data from customers and employees. In this session Milad Aslaner, Senior Product Manager for Cybersecurity talks about what you need to know on GDPR and data privacy when it comes to Windows 10. ] © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3 6/8/2018 4:19 PM Data Protection © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 6/8/2018 4:19 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Quick Check 1 2 3 4 5 Did you enjoy the attendee party?
6/8/2018 4:19 PM Quick Check 1 Did you enjoy the attendee party? 2 Does your organization has a full-time Data Protection Officer? 3 Did you read the Terms and Conditions of all social networks and messaging apps? 4 Are you able to detect and respond to data leakage? 5 Did you know the General Data Protection Regulation can impact organizations outside the EU? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6 6/8/2018 4:19 PM Social Media Facts 1.6 Million posts are made to Facebook every 30 seconds Over 467 million active users on LinkedIn Over new pins are pinned on Pinterest every 30 seconds 6.000 tweets happen every second © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7 Information is the new currency
6/8/2018 Information is the new currency Hacker Contacts, location, birthday and more Names of friends and family members Hobbies, favorite food, favorite hotel etc. Hacker Understand business strategy Insights on new products and end customers PII data such as customer name, ID etc. Device protection Device protection Consumer Commercial Always keep profile updated Survey with own customers FB Foensic Analysis Device Health attestation  Device Guard Device Control Security policies Device Health attestation  Device Guard Device Control Security policies Chat with friends and family Advertise new products to targeted audience Play new games, share favorite food or travel locations Customer support for the new generation © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Protection customer privacy

9 General Data Protection Regulation
6/8/2018 4:19 PM General Data Protection Regulation © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Providing clarity and consistency for the protection of personal data
6/8/2018 4:19 PM Providing clarity and consistency for the protection of personal data The General Data Protection Regulation (GDPR) imposes new rules on organizations in the European Union (EU) and those that offer goods and services to people in the EU, or that collect and analyze data tied to EU residents, no matter where they are located. Enhanced personal privacy rights Increased duty for protecting data Mandatory breach reporting Significant penalties for non-compliance Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 What are the key changes to address the GDPR?
Microsoft Envision 2016 6/8/2018 4:19 PM What are the key changes to address the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Individuals have the right to: Access their personal data Correct errors in their personal data Erase their personal data Object to processing of their personal data Export personal data Organizations will need to: Protect personal data using appropriate security Notify authorities of personal data breaches Obtain appropriate consents for processing data Keep records detailing data processing Organizations are required to: Provide clear notice of data collection Outline processing purposes and use cases Define data retention and deletion policies Organizations will need to: Train privacy personnel & employee Audit and update data policies Employ a Data Protection Officer (if required) Create & manage compliant vendor contracts © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 What does this mean for my data?
Stricter control on where personal data is stored and how it is used Better data governance tools for better transparency, recordkeeping and reporting Protecting customer privacy with GDPR Improved data policies to provide control to data subjects and ensure lawful processing

13 Supporting our customers with contractual commitments
We will stand behind you with contractual commitments for our cloud services that: Meet stringent security requirements Support customers in managing data subject requests Provide documentation that enables customers to demonstrate compliance for all the other requirements of the GDPR applicable to processors and more Microsoft was the first major cloud services provider to make these commitments to its customers. Our goal is to simplify compliance for our customers with both the GDPR and other major regulations. The GDPR commitments are now available in the Online Services Terms (OST) at

14 Preparing for the GDPR Simplify your privacy journey
GDPR Compliance GDPR Compliance Simplify your privacy journey Elevate your privacy practices with our cloud Uncover risk & take action Use our solutions to expose areas of risk and respond with agility and confidence Leverage guidance from experts Use our partner network to help you meet your privacy, security, and compliance goals

15 Simplify your privacy journey
Centralize, Protect, Comply with the Cloud Process all in one place Centralize processing in a single system, simplifying data management, governance, classification, and oversight. Maximize your protections Protect data with industry leading encryption and security technology that’s always up-to-date and assessed by experts. Streamline your compliance Utilize services that already comply with complex, internationally- recognized standards to more easily meet new requirements, such as facilitating the requests of data subjects.

16 Uncover risk and take action
Discover data across systems Govern access and processing Protect through the entire lifecycle 1 1 1 1 1 Easily discover and catalog data sources Increase visibility with auditing capabilities Identify where personal info resides across devices, apps and platforms Enforce use policies and access controls across your systems Classify data for simplified compliance Easily respond to data requests and transparency requirements Protect user credentials with risk-based conditional access Safeguard data with built-in encryption technologies Rapidly respond to intrusions with built-in controls to detect and respond to data breaches

17 Leverage guidance from experts
+ + Learn from our experience Leverage our GDPR preparation resources Engage our global partner ecosystem

18 How do I get started? Discover 1 Manage 2 Protect 3 Report 4
6/8/2018 4:19 PM How do I get started? Discover Identify what personal data you have and where it resides 1 Manage Govern how personal data is used and accessed 2 Protect Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches 3 Report Keep required documentation, manage data requests and breach notifications 4 © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 6/8/2018 4:19 PM Quick Check 1 Do you believe the GDPR will require changes on how your organization process data? 2 Will Microsoft support your GDPR journey? 3 Can technologies such as WDATP help to detect and respond to cyber-attacks? © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Microsoft Threat Intelligence
6/8/2018 4:19 PM Microsoft Threat Intelligence © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Holistic security approach
Platform Intelligence Partners

22 SOLUTIONS TO HELP YOU PREPARE FOR THE GDPR 6/8/2018 4:19 PM Office EMS
Windows Hello Advanced Threat Protection Data Loss Prevention Threat Intelligence Audit Logs eDiscovery Information Protection Transparent Data Encryption Always Encrypted Threat Detection Key Vault Data Log Security Center Intune Cloud App Security Active Directory Data Classification Analytics Data models Office EMS Microsoft Azure SOLUTIONS TO HELP YOU PREPARE FOR THE GDPR Dynamics SQL Windows Server Windows Windows Defender Suite © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Using intelligence to fight cyberthreats
Intelligence from billions of end points CYBER DEFENSE OPERATIONS CENTER Secure Enterprise environment Sort and analyze telemetry data for suspicious behavior Defend & respond to attacks SERVICE HEALTH DASHBOARDS SECURITY TOOLS Insights drive intelligent tools and health dashboards 300B user authentications each month 1B Windows devices updated 200B s analyzed for spam and malware LOGGING & AUDITING Privacy & Compliance boundary Improved defenses

24 6/8/2018 4:19 PM Windows 10 Privacy © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Privacy Privacy by design means that we do not use your information for anything other than providing you services Privacy controls Transparency No Advertising Various customer controls at admin and user level to enable or regulate sharing If the customer decides to leave the service, they get to take to take their data and delete it in the service Access to information about geographical location of data, who has access and when Notification to customers about changes in security, privacy and audit information No advertising products out of Customer Data No scanning of or documents to build analytics or mine data

26 6/8/2018 4:19 PM Privacy principles Your data, powering your experiences, controlled by you. Control. We offer customers control of the telemetry they share with us by providing easy-to-use management tools. Transparency. We provide information about the telemetry that Windows and Windows Server collects so our customers can make informed decisions. Security. We encrypt telemetry in transit from your device and protect that data at our secure data centers. Strong legal protections. We respect customers’ local privacy laws and fight for legal protection of their privacy as a fundamental human right. No content-based targeting. We take steps to avoid and minimize the collection of customer content, such as the content of files, chats, or s, through the Windows telemetry system. Customer content inadvertently collected is kept confidential and not used for user targeting. Benefits to you. We collect Windows telemetry to help provide you with an up-to-date, more secure, reliable and performant product, and to improve Windows for all of our customers. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 What is Windows Analytics?
6/8/2018 4:19 PM What is Windows Analytics? Essential data, necessary to provide the service and keep Windows and Apps healthy OS and app insights vital system data Telemetry (data collected from Windows devices), gives every Windows customer a voice in the ongoing development of our products and services. The information we receive from telemetry helps us understand how the product is behaving in the real world, tells us where to focus our efforts, and informs our decision making. It is a real benefit for Windows 10 customers to be represented in the dataset that forms the basis of future design decisions and helps identify problems that require Microsoft’s attention. Optional data, gives insights which help Microsoft provide a more personalized experience for the user and improve Windows for all users © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 How is Analytics used? We collect only what we need
6/8/2018 4:19 PM How is Analytics used? We collect only what we need We process it quickly, then delete it We limit access Users control level © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 Supporting your GDPR journey with Windows 10
6/8/2018 4:19 PM Supporting your GDPR journey with Windows 10 © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Windows 10 Protect devices with industry-leading encryption, anti-malware technologies, and identity and access solutions Protect Windows Hello for Business Windows Defender Credential Guard Device Guard Windows Information Protection Windows Defender Advanced Threat Protection BitLocker Drive Encryption Shielded Virtual Machines Just Enough Administration and Just in Time Administration Report

31 Windows 10 Protect devices with industry-leading encryption, anti-malware technologies, and identity and access solutions Protect Windows Hello for Business Windows Defender Credential Guard Device Guard Windows Information Protection Windows Defender Advanced Threat Protection BitLocker Drive Encryption Shielded Virtual Machines Just Enough Administration and Just in Time Administration Report

32 Windows Operating System
6/8/2018 Credential Guard Pass the Hash (PtH) attacks are the #1 go-to tool for hackers. Used in nearly every major breach and APT type of attack Credential Guard uses VBS to isolate Windows authentication from Windows operating system Protects LSA Service (LSASS) and derived credentials (NTLM Hash) Fundamentally breaks derived credential theft using MimiKatz, Kernel Windows Platform Services Apps SystemContainer Credential Guard Trustlet #2 Trustlet #3 Hypervisor Device Hardware Windows Operating System Hyper-V © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

33 Windows Operating System
6/8/2018 4:19 PM Device Guard Windows desktop locked down to only run trusted apps Untrusted apps and executables, such as malware, are unable to run Signed policy secures configuration from tampering Protects system core (kernel mode) and drivers from zero days and vulnerabilities Requires Windows 8 certified or greater hardware with VT-X and VT-D Kernel Windows Platform Services Apps SystemContainer Device Guard Trustlet #2 Trustlet #3 Hypervisor Device Hardware Windows Operating System Hyper-V © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 Windows Information Protection
6/8/2018 Windows Information Protection Enrollment Data Wipe Data coming from corporate network location automatically protected by WIP By defining corporate network locations as those which include GDPR-related “personal data” processed by the company, Customers gain an automatic method to protect them when downloaded/copied on the device Data Ingress Data Egress Data Genesis & Use Protection can be maintained anywhere on the device or when data moves to removable storage. Azure Information Protection can be used maintain protection in B2B scenarios. Selectively wipe corporate data (and so the included GDPR-related “personal data” copy on the device) on demand or when device is unenrolled © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

35 Windows Information Protection
6/8/2018 4:19 PM Windows Information Protection Demo © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 Windows Defender Advanced Threat Protection
Built in to Windows 10, not bolted on Sensors are built deep into Windows 10. No additional deployment and infrastructure. Behavior-based, cloud-powered breach detection Signature-less, intelligent, behavioral, machine learning and past attack detections. Actionable, correlated alerts for known and unknown adversaries. Best of breed investigation experience Up to 6 months of historical data for every endpoint, global search across machines, files, processes registry, users, IPs, URLs Unique threat intelligence knowledge base Unparalleled threat optics provide detailed actor profiles 1st and 3rd party threat intelligence data. Response based on the Windows stack Rich SOC toolset ranging from machine-specific intervention or forensic actions to cross-machine blacklisting © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION

37 Windows Defender ATP Demo 6/8/2018 4:19 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 GET ANSWERS TO COMMON ENTERPRISE QUESTIONS AT THE MICROSOFT TRUST CENTER
Centralized resource documenting adherence to security & privacy compliance Detailed information on the foundational trust tenets: privacy, security, compliance, and transparency Available in 12 languages Learn more at

39 Resources Microsoft.com/GDPR GDPR Assessment Tool Guidance Whitepapers
GDPR F.A.Q. Solutions

40 6/8/2018 4:19 PM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Prepare for the GDPR and data privacy compliance with Windows 10"

Similar presentations

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.

Enterprise CAL Overview. Different Types of CALs Standard CAL base A component Standard CAL is a base CAL that provides access rights to basic features.
Understanding Active Directory

Understanding Active Directory
Boris Ulík Technology Solutions Professional Microsoft Slovakia Microsoft ® System Center 2012: System Center Endpoint Protection 2012.

Boris Ulík Technology Solutions Professional Microsoft Slovakia Microsoft ® System Center 2012: System Center Endpoint Protection 2012.
Devices 10 billion Internet- connected devices by 2016 People 1 billion+ people use social media services today Cloud 30 % of data will live in or pass.

Devices 10 billion Internet- connected devices by 2016 People 1 billion+ people use social media services today Cloud 30 % of data will live in or pass.
Planning Engagement Kickoff

Planning Engagement Kickoff
View the Microsoft external site for more information: www. Microsoft

View the Microsoft external site for more information: www. Microsoft
Microsoft 365 Security and Compliance: Training and Resources

Microsoft 365 Security and Compliance: Training and Resources
Secure your complete data lifecycle using Azure Information Protection

Secure your complete data lifecycle using Azure Information Protection
The time to address enterprise mobility is now

The time to address enterprise mobility is now
Deployment Planning Services

Deployment Planning Services
Hybrid Management and Security

Hybrid Management and Security
Agenda Compliance Vision About Data Governance Demo

Agenda Compliance Vision About Data Governance Demo
Deployment Planning Services

Deployment Planning Services
Office 365 FastTrack Planning Engagement Kickoff

Office 365 FastTrack Planning Engagement Kickoff
Now, let’s implement/trial Windows Defender Advanced Threat Protection

Now, let’s implement/trial Windows Defender Advanced Threat Protection
Secure Hyperconnectivity with TeamViewer and Windows technologies

Secure Hyperconnectivity with TeamViewer and Windows technologies
Microsoft Virtual Academy

Microsoft Virtual Academy
Identity & Access Management for a cloud-first, mobile-first world

Identity & Access Management for a cloud-first, mobile-first world
Deployment Planning Services

Deployment Planning Services
Accelerate GDPR compliance with Microsoft 365

Accelerate GDPR compliance with Microsoft 365

Similar presentations

Ads by Google