Microsoft Embeds the EU's Data Transfer Rules into Office 365

Top Line: Microsoft will sign Office 365 contracts containing the EU's model data protection clauses

Frankfurt am Main, (PresseBox) - In 2010, the European Commission published a set of model clauses that can be added to services contracts where the service provider remotely processes personal data (either about employees or customers) on behalf of the customer. The clauses commit the service provider - whether an outsourced, hosted or cloud service - to observing the rules of the EU Data Protection Directive.

Microsoft says it is now able to sign contracts for Office 365 that contain these model clauses - in other words, it complies with the Data Protection Directive. Microsoft also says that Office 365 complies with the US HIPAA rules that protect healthcare data.

Bottom Line for ICT Buyers:

1. If you operate in or across Europe, and you store personal data about staff or customers, you will already be aware of your responsibilities under the EU Data Protection Directive. Hosting and outsourcing service providers will almost certainly comply with its rules, but since cloud services providers are the 'new kids on the block', you will need to check that they fulfill its requirements by asking them specific questions -- in particular, if they are willing to sign contracts with the model clauses.

2. Some countries have data transfer requirements that are more stringent and the EU's transfer rules may not be enough. Microsoft says that it meets or exceeds the requirements of all EU member states. Again, you will have to ask specific questions of your cloud services vendors. It is not just U.S. vendors that should be aware of the directive: European suppliers may find themselves out of compliance if they have built their data transfer requirements for one country (e.g. the UK) and now offer them in another (e.g. Germany). Cloud services vendors from the UK in particular need to ensure that they are ready to meet the more stringent privacy requirements of other European countries.

3. A wide range of business applications (often cloud based) are becoming 'socialized' to improve collaboration and business effectiveness. This means that the personal data of employees and business partners will be captured and stored either deliberately or inadvertently by many types of applications that previously contained no personal information. You will have to be careful to ensure that this scope creep does not inadvertently affect your own compliance.

Press releases you might also be interested in

Weitere Informationen zum Thema "Software":

Drei Prognosen zur Enterprise Cloud Transformation

Ju­ni­per Net­works hat sich dar­über Ge­dan­ken ge­macht, mit wel­chen Ent­wick­lun­gen und Trends im neu­en Jahr zu rech­nen sind. In Sa­chen Au­to­ma­ti­sie­rung spielt Dev­Ops ei­ne im­mer tra­gen­de­re Rol­le, au­ßer­dem im Fo­kus: Mi­cro­ser­vices und die Wand­lung Rich­tung Mul­ti-Cloud-Sze­na­ri­en.


Subscribe for news

The subscribtion service of the PresseBox informs you about press information of a certain topic by your choice at a choosen time. Please enter your email address to receive the email with the press releases.

An error occurred!

Thank you! You will receive a confirmation email within a few minutes.

I want to subscribe to the gratis press mail and have read and accepted the conditions.