Skip to main content
White Closing Arrow Created with Sketch. home-fingerprint-oval Created with Sketch. home-fingerprint Created with Sketch. menu-bkg-icon Created with Sketch. menu-icon1-active Created with Sketch. menu-icon1 Created with Sketch. menu-icon2-active Created with Sketch. menu-icon2 Created with Sketch. menu-icon3-active Created with Sketch. menu-icon3 Created with Sketch. menu-icon4-active Created with Sketch. menu-icon4 Created with Sketch. menu-icon5-active Created with Sketch. menu-icon5 Created with Sketch. page1-chart Created with Sketch. Compilance Preventing data losses 51% 61% page2-icon1 Created with Sketch. page2-icon2 Created with Sketch. page3-icon1 Created with Sketch. page3-icon2 Created with Sketch.
icon_feedback

Did you find this content useful?

Data protection and governance:

What you need to know

Fingerprint scanner icon

Click & hold to discover

Access guaranteed

Introduction

Maintain more data with the
right compliance strategy

The amount of electronic data being created by organizations is growing exponentially. As your data volume expands, staying compliant in a sea of new and changing global regulations, such as the General Data Protection Regulation (GDPR), adds new layers of complexity. Many organizations are exposing themselves to unnecessary risk, including steep fines, because they don’t have a good inventory of all the data they have, or adequate policies in place to protect it.

163ZB

of data created each year by 2025¹

Quality data governance protects your and your customers’ data across devices, apps, and cloud services. Do you have specific compliance concerns? Access issues? A growing volume of sensitive data? Every organization is different, but every data governance strategy requires:

  • An inventory of your data

  • Policies to protect and maintain it

  • Training to support your strategy

  • Monitoring and updates

1.

Build a comprehensive
data inventory

To protect your data, you need to know what you have by building a comprehensive data inventory that accurately maps the flow of personal data across your entire business. You’ll need to know answers to the following questions:

  • Are you dealing with sensitive employee or customer data, or both?

  • What kind of data do you have, and does any of it require special compliance measures (i.e., health or financial data)?

  • Where is your data stored, who has access to this information, and from what devices?

  • Do you have adequate access and identity control measures in place?

  • How long do you keep your data, and why?

The biggest drivers for data governance²

2.

Implement data
protection
policies

Because data is created and shared across boundaries—devices, apps, and cloud services—it’s imperative that you protect that data throughout its entire lifecycle and across your environment. This end-to-end data governance helps you find and retain the data that is most important, while eliminating redundant, obsolete, and trivial data that could cause risk if compromised.

of large organizations reported a
data breach in the last 12 months³
robot icon

Automating the process is key to maintaining compliance with your own policies, as well as regulatory laws. Your data governance policies should include:

  • Automatic classification

    Classify data based on automatic analysis such as age, user, type, data sensitivity, and user-provided fingerprints.
  • Security

    Employ automated access control policies based on data classification, so that only those who really need access have it.
  • Data retention

    Implement policy recommendations based on machine learning and cloud intelligence to preserve high-value data in place, and purge what’s redundant, trivial, or obsolete.

3.

Evangelize your
strategy

After defining your data governance plan, you’ll want to make sure all affected people have a strong understanding of your privacy, protection, and governance policies. You may want to expand your corporate training significantly to help educate employees, partners, suppliers, and vendors about requirements affecting their roles.

Some organizations create internal webinars, workshops, online training courses, and reference materials to train their employees, partners, and vendors on policies.

You can also build in data privacy requirements for your vendors, and include compliance requirements as part of your procurement process. Be transparent with employees and customers about your policies, document them, and empower people to access and manage their own data as needed.

More than 50% of data leaks

come from employees⁴

Rightwards arrow icon

Monitor, measure,
and update

Once you’ve done the work to create your data inventory, employ solid data governance policies, and educate all involved, you’ll need a plan to monitor, measure, and audit your strategy. Dashboards, reporting, and alerts will all help you implement your plan with success. Update your strategy on a regular basis as your data protection needs change and compliance requirements evolve.

Microsoft has a long history of helping our customers protect and maintain their data, while complying with complex regulations. With a global datacenter footprint, an industry-leading certified compliance portfolio, and services architected to be highly secure by design, Microsoft cloud services provide a simplified and complete approach to data privacy, protection, and governance.

Learn more

Sources and Disclaimer

©2018 Microsoft Corporation. All rights reserved. This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.

This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.