You`ll find Microsoft`s contractual obligations regarding the RGPD in addendum data protection for online services, which provides Microsoft`s privacy and security obligations, data processing conditions and RGPD conditions for Microsoft-hosted services, which customers subscribe to under a volume licensing agreement. These conditions require Microsoft to impose section 28 of the RGPD and other relevant articles of the RGPD on processors. My organization is preparing for the RGPD and we assume that Microsoft (Office 365) processes personal data on behalf of my organization. Where can I access Microsoft/Office 365`s EU data processing agreement? Microsoft has introduced a new version of its online terms of service in response to problems with the Dutch Ministry of Justice`s telemetry data collected from Office 365 Plus and Office 365 users. To prepare for the General Data Protection Regulation (GDPR), please consult the resources available www.microsoft.com/gdpr. For this topic, see FAQ . Microsoft`s online services are subject to the terms and conditions of online services. Terms and conditions for online services include Microsoft`s key data protection and security obligations, data processing conditions, model terms and our RGPD terms. The conditions of the RGPD closely follow the requirements of Section 28 of the RGPD (and 30, 32-36, 44, etc.). We have written the RGPD terms as a Microsoft promise to our customers to meet the requirement that processors make binding commitments to their controller customers. The conditions of the RGPD are Schedule 4 in online terms of service – at the end of the document.
We must take appropriate technical and organizational measures to help you respond to the requests of those involved in exercising their rights, as outlined above. The RGPD grants individuals (or individuals) certain rights to process their personal data, including the right to correct inaccurate data, delete or restrict their processing, obtain their data, and respond to a request to transfer data to another responsible holder. The person in charge of the treatment is responsible for a timely and consistent response of the RGPD. For more technical details, please visit Data Subject Requests. How does the RGPD change an organization`s response to personal data breaches? Personal data may include online identifiers (for example. B IP addresses), personnel information, distribution databases, after-sales service data, customer information forms, location data, biometric data, ccTV records, loyalty data sets, health and financing information, and much more.