Skip to content

Microsoft Industry Blogs


Our December episode of the Retail Expert Series featured Attorney April Rettkowski, our retail expert in Microsoft’s Corporate, External and Legal Affairs Group, to discuss the upcoming European General Data Protection Regulation (GDPR). We examined the unique challenges and opportunities presented by the GDPR, discussed the top considerations for retailers when developing their compliance strategy, and shared how Microsoft can help you accelerate your journey to compliance. For this webinar debrief, I’d like to further explore how we can help you meet GDPR requirements with solutions available today.

Assessing your current risk profile

“How do I understand where I am already compliant and where I need to focus next?” This is one of the most common questions I hear from retailers in regard to the GDPR. It’s also one of the hardest to answer because every retailer is different. Fortunately, our new Compliance Manager solution can help. Compliance Manager enables you to conduct real-time risk assessment, providing one intelligent score that reflects your compliance performance against data protection regulatory requirements when using Microsoft cloud services. You will also be able to use the built-in control management and audit-ready reporting tools to improve and monitor your compliance posture. You can sign up for the preview program now.

Complying with the new consent requirements

As April discussed in our webinar, the GDPR sets a high bar for consent by stating that consent must be “freely given, specific, informed, and unambiguous.” Retailers will need to be able trace back how and when they obtained consent for personal data collection and processing. The intelligent classification, labeling, and protection capabilities found in our solutions Microsoft Azure Data Catalog, Office 365 Advanced Data Governance, and Office 365 eDiscovery will help you recognize the date types being collected, record what permissions the customer granted, and classify data accordingly.

Meeting data breach and protection obligations

As most of us are well aware due to the significant penalties for non-compliance, the GDPR introduces new obligations for data protection, increased accountability, and mandatory breach reporting. The good news is that compliance with these requirements will not only help current and future customers, but also your business. As the number and sophistication of cyberattacks increases, it becomes more urgent to protect your most important data with cutting-edge security capabilities. To better protect against threats, we built the Intelligent Security Graph, which links together security, business, and operational signals from across our commercial and consumer services to build richer threat context. This security intelligence enables solutions like Office 365 Advanced Threat Protection, Windows Defender Advanced Threat Protection, and Azure Active Directory to take action and bring in unified preventative measures that improve the efficiency of protecting, detecting, and responding to security incidents.

Responding to data subject requests

As we discussed during the webinar, retailers have increased obligations under the GDPR to comply with customers’ requests to access and correct errors in their personal data, erase data about them in certain instances, and object to processing of their personal data for particular purposes. Office 365 eDiscovery can help by making it easy to search for the personal data related to data subjects. And with our recent feature release, Office 365 Advanced eDiscovery can now analyze non-Office 365 data. Having one eDiscovery workflow for both Office 365 and non-Office 365 data will help you respond to data subject requests more efficiently and effectively.

I thoroughly enjoyed this episode of the Retail Expert Series because I know that while it’s not quite as flashy as chatbots, this is a very important topic for retailers. And after our conversation, I feel much more prepared for its arrival—and hopefully you do too! Even though the GDPR does present some unique and very real challenges for retailers, it was great to explore how it could help drive digital transformation and increase trust and loyalty with customers.

As always, if you have any questions about this webinar or topic recommendations, please let us know via twitter.com/msretail. Thank you!

—Shagun Lal

Missed our webinar? No problem. Watch the recording of our presentation to learn more about the GDPR and its effect in the retail industry—including top considerations for retailers.