Microsoft Business Forward 2018 | Get Ready for GDPR
Good. Afternoon please. Welcome senior. Data protection, attorney, Microsoft. Andreas. Amanda. Good. Afternoon everybody and welcome back to the sessions, I must, admit it's a pretty overwhelming. Experience, to be on stage after Amal Clooney so, we appreciate your, staying with us for. A hot topic which, is GDP, our Europe's, new privacy, law and. I have the honor to welcome our, guest, speaker, and Zion Nikola from Forrester, Research, who's, a business, analyst, and also certified, information, privacy, professional. Whose, research, very much much focuses, on privacy, and 'aa. Welcome. To the stage. Good. Afternoon, everyone. What's. The there, is not a better moment to talk about the DPR than after lunch I hope, you got coffee and you are ready for these and. So. Let me start from, these do. You recognize, the the chop here. On the slide. This. Is, nicholas. Copernicus and. I love to start talking, about the DPR. Telling. You about a little bit about him now. He was, as you remember. For sure that, he was a mathematician, there. During. The 16th century he, published, his theory. His. Theory, that says, that actually. The. Sun. Is, still, in the middle of the universe and earth. And all the other planets just. Move around the Sun, this. Was, revolutionary. Moment, in the history of science was the beginning of the Copernican, revolution, but. Was also a revolution. In terms of you know the, culture, and, the. Understanding. Of you know normal, people at, the time where the. Catholic. Church was probably, the only station that people, knew and cathodic. Religion. Represented. A little bit also their, understanding. Of themselves and, having. The earth in, the middle of the universe and everything else going around the earth meant. That that was the place of humanity, and a projection of humanity, but if you change this, theory to have the Sun in the middle of the universe in years and all the other fun is going around here. Required that also common, people, would, readjust. The way they thought about themselves he, took a very long time and in fact it. Was a revolution. Now. Because why, I say these when I talk about GDP, are because, when. The European, Parliament, start the, update of the REA of the directive, that we have today they. Said is going to be an evolution is. Where we take current, roles and we're just trying to evolve them for the current times. But. In reality when, I see. The work the many organizations out, there are doing to comply with GD P R and, when I say that, this work is touching, on the governance, some processes.
On People skills and on technology, I can, tell you that in many cases, more than. An evolution, in, these regulation. And comply with the regulation, really, feels like a revolution. A little bit like the Copernican, revolution, if you like. What. I also learned in these good. 24, months, working with organizations. That are preparing. For GDP are is, they're actually you, know for a business, if you embrace the change as a GDP, are requires, there. Is no way. Back is. A change, is a discipline, around, data, mainly. That you know there, is no way to change afterwards. Is reeling, a turning point. Just. To refresh your memory we, mentioned, it already the general data protection regulation. It covers the. Personal. Data of, individuals. The. Enforcement, of these new rules will start on, may 25th, of this year so there are about, 65. 64. Days left, before. Regulators. Around Europe starts enforcing, these these. Rules and what. Is interesting to me is that it, comes out from the European Parliament, but. Is, not necessarily, a European. Pin. And I, say that because when I talk with many, US based organizations. They them to say well, this is not for me this is for you Europeans, but, this is not true that, mm GDP. Our covers. Organizations. That offer services, or products, to the European market and, also those organization, they collect, data from European, residents may be to build profiles for example, even, if these organizations don't. Have headquarters. In Europe they. Still have to comply, with these rules so there are a number of organizations that, for the first time are, looking at data protection, rules. With the dilip here, also. Very. Often, I see a lot of emphasis around, May. 25th. Is the date where regulators. Will will, start the enforcement, of these rules and for many organization, is a little bit of a dead one he's like yes I get to me I do my work I'm done but. Actually, 20. Of 25th, of May is just the starting, point because. GDP, our compliance is not something that you do once is not a one-time, effort you. Get ready free but, then you, have to sustain compliance. As your. Business. Operates. Every single, day is about building compliance. Into, processes. And systems, that. Touch, on personal. Data and his personal data can be your customer, alchemy. Your employees, and one. Example that I often. Used to them you. Know talk about processes. That have. Dis compliance. GDP, or compliance, embedded. Our. Example, for me is the privacy, by design. Is. Probably. One of the most challenging requirements. In, the whole. You know regulation, and. Basically. Suggest that, consideration. From privacy and security have. To be, done. At the very beginning, of new projects, new initiatives, then, you, have to understand, the risks, that you, are creating, if you are collecting, and processing personal. Data and you, have to choose strategies, that really allow you to be together those risks, now. What is interesting to me is to try and use, a more, concrete example of, what it means, imagine. That you want to create a, new, app to engage, your customers, and maybe. It's the marketing team. That wants to create his new app and so, on day one you will have your marketing team sitting down and trying. To explain to the rest of the, the other teams of the organization. Those that are involved their, business goals that they have in mind why they want in your application, or the India app for their customer, and then possibly you will of your data scientists. That will help them figure, out how much data which kind of data we need that remember, privacy. By default is linked to that privacy, privacy. By design is live to privacy by default that is make. Sure that you're using the minimum amount of data necessary to, achieve a specific purpose, but. That in the room you want to have security, and risk professionals as, well because, again we need to understand, the impact, of this.
New App and the, development, of the new app for. Privacy and security so which requirements we have to keep in mind we, sorts of risks we are looking at as we trying to create this new app and in. Which way we can make sure that we are mitigating, these risks. For. Example, once, you have. When. You start working with your developers. And an, tester, to make sure that you are testing that up even. In those environments you, want to make sure that certain consideration. For privacy and security are, taken into account maybe. You could think of using a. Pseudonym, ice date or anonymize, data if it's possible and. Maybe all, the way to the delivery of the app to the market you want to make sure that the settings, that you are suggesting, or using by default are, protecting. That of your cats or maybe you plan, to use I don't know end-to-end encryption or. Certain. Sorts of settings again they would allow this customer, to protect their privacy as they use a new app. The. Challenge of these sorts of you, know building a process like that of. Course there is security, control and technology, that will be you, know helping us to. Make sure that we're taking care mitigating. The risks appropriately but. What, organizations. Are telling me that one of the challenges has to do with culture, because. For the very first time you are bringing. Within. The same you. Know at the same table right, from the beginning of, any new projects, or initiatives teams. And people that, have different backgrounds, sometimes the different languages sometimes they, have different. Goals and, forwards, they will need to sit down together and, work together to, make sure that they are, protecting. The security, and the. Privacy, of the customers, data, that they are using so, the revolution, in this case are really to do with the cultural, impact, and cultural change. And. As. I say I mean compliance. Is about you know is not the work of one team is really about an organization coming. Together to. Meet these compliance requirements. But there is even, more than that you. Will need and you will start working with a number of partners when. It comes to GDP our compliance because even, you know it would be great, to. Have a single, solution. A single way a single product, to make all, of us GDP, our compliance weekly but. Technology, is, just one, part of the puzzle you will need a technology but you will need also to look at the governance, processes, people skills this, means working with a number of partners for, GDP our compliance, and so, we need to get ready as well to you, know manage. This set of partners. And. Then my last or, what I call this guiding. Principle, for compliance. This is what I learned working, with organizations. Over the last 24, months in particular very. Often I hear, GDP, is so vague is, so you, know uncertain. Doesn't tell me exactly what I have to do to become compliant. That's. True, but the reality, is that GDP are is a principle, based regulation it, doesn't give us a list of you know define, actions, that we need to take to, be compliant, GDP. Our rather tells us the final stage where, we have to be and then is the work of each organization to, actually, define. The specific strategy. To become compliance, it means, understanding. The risks, that you want to mitigate find, out the best way of mitigating those, risks and so the 13 point of every Campania strategy is really around the risk assessment, and risk framework understanding. The risk that you are trying to mitigate under, the DPR is the. Formation, of that strategy. And. I told you that this works, means that there is not. You. Know way back for many businesses, that are embracing, embracing. This sort of change but there is no way back for customer either, we. Know and this is a data point for, that.
Shows Us that 74%. Of consumers, would say did. They said they would switch bank, or insurer if their bank or insurer, software. Data breach. 47%. This is interesting because there is a lot of effort that we put into creating, new. Digital channels. So engage, our customers but. Then we have almost 50% of this customers and say if I had privacy and security concern, I'm not, going to engage through, a digital channel, and. This is also some of the you. Know quotes that I got from a forrestier, online. Community, we asked real. Customers. About. Gdpr, and you know not everyone, knows that we are talking about the general data protection regulation, that's that's good but. When we mentioned, the right to be forgotten data, access, data. Portability. This is something, and customer recognized, straight ahead and as, you can see they link that the possibility. To ask, companies. To be forgot and offer that access, they, link that with their possibility. To feel more comfortable, not, only relating, to that company, by using the Internet, in, general they. Linked, is the possibility, to use these lights with a possibility, to increase trust. Between, them and the companies and and, the internet so there, is there a very strong expectation, and this customer, will be really using some. Of these data subjects, rights but also consent, transparency. These are requirements of did GDP, are but this requirement starts, on the, customer, experience and. That trust. Relationship. Between companies. And customer, at the, core and so for this reason GDP. Are very, often I say is not just about regulators. And fines is really, about, improving. Their relationship, with their customers, improving. The way they interact, with your company, and this, is why I a very often say is just a perfect storm because, gives possibility. To companies, to start looking at privacy. No just as a compliance, requirements, but really, as a strategy. For the, business and here, I want. To show what it came out from a study that we did. With. Over 400, companies worldwide they, are complying, to comply with the DPR and we asked them which. Are the benefits, business, benefits, that you start, experiencing. As part of the work that you are doing for GDP compliance. More. Than 50 percent told, us that, the first benefit, that they can clearly see is an improvement in the customer experience and, then. Of course better, data strategy is very often you know starting. To look at the data do that data flow map in exercise, to come up with a risk assessment allows. Organization. To understand, all the assets, that they have data assets and maybe they were not exploiting. Those assets, and they should and also, there are a number of you know efficiency. In they were in the way, they manage privacy, policies, security, policy, so really a number of business, benefits, beyond, just, meeting, those compliance, requirements.
And. I hear a few examples, now about companies, that you. Know I have, taken, deliver, in privacy, and I've really, tried to make it part of their own business. DNA, the core value, of the business and this is his mystery because this is Kenya and they build you. Know trucks. And, you, would then assume that you know they have consumer. Privacy as, you. Know one of their core. Value. But instead they do even, if you might think well this is a b2b business, is weird that they are so passionate about privacy, but they are because, they know that even as a b2b, you, are handling, personal late of customer, and consumers, maybe through your own customers, and so. The commitment, to protect, this data is, very strong for them and when, I talk to their CEO, he told me you know yes gdpr is very good but we, are doing already. Much. Of the work the companies have to do now for compliance, this is part of what we do is that were understanding. Of doing, business and this. Is another example from a bank. A large bank and. I talked to the head, of the digital customer experience, at the bank and he told me. Claire is not my work there is my compliance team that will be leading these. Efforts but, I'm so grateful to the gdpr you know why because, finally. We brought the discussion, about privacy, at, the board level at the executive, levels, now everyone, is paying attention to, this topic and, look he was given, the, task to understand, how, the privacy. Expectation. Of their customers, will change, between, the in the next five and ten years and how, the bank is getting ready to serve. These customers with. These evolving. Privacy, attitude, and. Then. An example here from Italy, you. Know just one is. About, a, cigarette, selling generally they have taken. Privacy. And they have made it part of their corporate social responsibility. I looked, last year at the list of Fortune 100 and. Only 23, companies in, that 100 have. Taken, privacy, elevated, privacy, to corporate social responsibility. And for me is a great example because. It doesn't mean that privacy, is just a compliance. Issue privacy, is again part, of the business strategy is part of the core values of the. Of the business. But. If we go back to GDP, our so how many companies. Today are, ready. For GDP are in a recent survey we did this at the end of 2017. 30. Percent said you know I'm ready today this is a global number. Even. If you you know, when. I saw this number I was WOW, you, might think his mother, bear but if. I think about the amount of work that you, need in many cases for the DPR compliance well it's not a small number and, I have to say that the, fact the GDP as we said is a principle base regulation, and the many companies are self assessing themselves. Today in. Some cases you. Know means that there, are some companies and feel maybe more comfortable. About their compliance. They. They in reality are so this is what the 30% is there I think from my qualitative, experience, that very, often organizations have, looked at GD P R and maybe they, feel comfortable about. Their ability, to comply with one two or more, requirements, of Gd P R, so they feel yes I'm ready but, when you try and look at a comprehensive, compliance. Program, then you find that actually fairly few companies have done that so still, a lot of work, to. Do even though there is not that much time left, and. So one, thing that I thought to do today with you is just you. Know to leave you with a few, key, actions. And key recommendation. For DDP are compliance, as I said there, is not that much time left, but. Here what I think would be you, know a good approach for gdpr, compliance.
Run, A gap analyses trying to understand, the gaps that. You have between, your current state and the, states the gdpr defines, now. Probably, 18, or 24 months ago or even earlier, had my sense to really run a gap analysis, throughout, the, real estate of data that you have as organization. Today with. The you know short time left my, recommendation. Would be to look. Into. Initiatives. Or data-driven initiatives. That you, feel presents, specific high risks, generally. Organizations. Start from processing, activities, that involve. Sensitive, personal debt of their customers, as an area that they want to make sure that you know is compliant. In. Other cases is really about looking at those processes. That involve. A lot of third parties, because. We, know is, facebooking. What is going on is just one more of those examples, but he's, very difficult, to control and understand, what your third parties are doing in, the moment they touch the personal light of your employees of your customers, and therefore. Definitely. There is there an area where many organizations. Feel is. An area to prioritize, in terms of the gap analysis, the understanding, of the specific risks, and defining. The mitigation, strategies, and. Also I see their organizations. That have, processing. Activities, on cloud or, they are part of big analytics, projects, especially predictive. Analytics, projects, they do feel there is an area where I want to understand, the risks more specifically. And, once you have chosen, this area where you want to look to understand the specific risks, is, about priority. Your actions. An. Element that I believe is extremely important, is the design. Of the, roadmap. For. Mitigating, these risks, and I, say, that because GDP, are built. Into, the. Requirements. You, know the duty. For organizations. To provide evidence of, their compliance strategies, he's, not about okay. I haven't, suffered a bridge that is not about my. Customers, are not complaining. About my, privacy, practices this. Is all good but still a. Regulator. Can still come and say I want, to be provided, with the evidence of your compliance strategy show. Me how you. Are complying, with this regulation and. This means that I've been roadmap implies show in progress showing. And there is a clear plan, there to, address these requirements, will, be definitely, helpful for, any organization. There are - there has to go through, regulatory. Audit so, that that's very important, to do and, then once you need to fill the gaps and try mitigating, the risks you have identified, of course security.
Controls, Is one wise technology. Can of course help us to become compliant with gdpr but, also think about processes. Is also. About processes, and if I have to choose just you know a few, that would be areas, or, priorities. As I see many organization, doing definitely. That consent, and reconsent piece as we, have said GDP. Are, put. Actually, opens, the door in a way to many of your practices, around data handling, to. Your customers, and that consent, and reconsent, is just one of the way in, which your customers are impacted. By gdpr, and this is the way it also did your relationship with, the customer, is going to be impacted they, are going to recognize, if, you know this, organization, is sending me some direct marketing, do. I gave, did, I give consent, to them to receive these early marketing they are profiling. Me do, they have the right consent to do that let me leave me consumers, are just more, and more aware of these sort of practices, more and more aware that they should be giving consent and Onegin we throw that consent, if, they are not had any longer and. Also data subject, rights, many. Banks, today but. Also insurers. And utilities, companies, and I would say now across verticals. There, is this idea that of course my customer, will ask me to be forgotten, and the. More I develop, my. Digital. Channels, the more this customer, will ask for data access data. Ports ability to be forgotten, so, I don't only want to build a process that helped me to comply, in my in the back hand to identify, the right data assets to, delete, and creeped do whatever I have to do to comply with the requirements, but also what. Is my customer, going to see when, they come to my website how. Is going to be for them to ask to be forgotten, and many, are seeing these as an element of really calm differentiation. If my competitor. Is able, to provide a process, not only is effective, but is. Also a good experience. For the customer, they know this is something that is gonna be seen easily because, you can compare easily, how two companies, are dealing with these sorts of requests and because, again these, rights is not just about compliance, is about the trustworthy. Relationship, between a customer and a company this. Will be part of that trust. Building, efforts, that you do as an organization. And then, data breach notification I. Have to say that because, often, we talk about breaches. Companies. Are you. Know aware of these kind of risks they understand, there are breach you know it's a very challenging thing to handle especially if, you have to report to your own customers, that you are being breached and you have 72, hours to do so so, a lot of work today is going into an, early day technical, preparation. For you know prevention. Detection, and mitigation of a breach processing. That aspect of communication, how, do I handle communication, with my customers, if, a breach happens. And. Finally. We. Need to maintain his compliance as I have said is not just a matter of getting, to you. Know may 20. 2015. 22. Maintain compliance, over time, test. The incident response plan, one of my colleagues used to say if you, don't test your incident response plan you don't have an incident response plan, so, that's I would tries to start. Set. Up training and awareness programs, this is interesting to me because this is not this, is no new I mean we didn't need the DPR to introduce, this idea of you.
Know Training. And awareness programs for, employees but, still I see, so many companies, struggling, to really be effective, access successful. To. You, know engage employees, around, these topics but again the, regulator says training, and awareness is already in itself a mitigation strategy so it's important, that we have the strategy and awareness programs and, this imports, that we provide documentation. Of these, trainings. And. Then yes prepared to demonstrate compliance is building your roadmap, measure. Progress. Make. Sure that, you know you are recording, all the efforts, and all the work that you do to meet gdpr, compliance. And. I. Don't, think there is a best way to leave you than, these thoughts. And this Court is something I really like, don't. Think about it appear as just a limit to your digital, transformation. Or you to your digital initiatives. Is really not a limit. Managing. Personal. Date of customer employees, in a way there is more discipline, than respond, to specific rules. And allows people to have control over their data actually. Allows organization, to do more with the data and no less. With. This thank. You very much. Thank. You very much Enza, for this great and very practical presentation. Which I think, leaves us with a number of takeaways, and, building. On endless, point I would like to share, a few thoughts with you on how, gdpr, can in practical, terms serve. You as a competitive, differentiator. And, how. Can really technology, and also Microsoft, technology, help there so. This is the trends museum in US and only 200, kilometers, from here, and, one, of the highlights of the museum is this which. Is a prehistoric vessel. It's a dugout, canoe it's, roughly, ten thousand years old and it's, probably the oldest, known boat, we, have, now. Why, the. Weather, this has been truly a watercraft. Has been tested with a replica because, some thought this was for feeding animals. People. Have realized. Very, early in, history that, rowing together to. The same direction in, the same speed, makes a huge difference but, it was only in the 15th century when, the second, boat the Santa Maria, you may recognize, has. Managed, to reach, Shore and basically. Discovered, a new world in the United, States and and. Basically. Discovered, America, by led by Christopher, Columbus. So. Gdpr. Is very much like sailing. It's. A new privacy, law but very as Enza, pointed, out it, will require a, lot, of additional. Preparations. You. Want to go off sailing with the best most, modern, technology, with. Robust. Security, and, with, a very well-prepared, crew, now. It's the same with the gdpr there. Will be changes. You have to prepare, for and you will have to be able to maneuver very well, as, Enza. Pointed, out the, gdpr is not very clear on all points so, we all know that. The. European. Regulators, have, already, published, 10. Pretty, detailed guidelines. In the past two years and, they're working on more in, addition, to that national regulators. Are also publishing. Checklists from. Varying, from four to twelve easy steps, to follow but. We all know those steps aren't that easy and practice, and not to mention the so-called national, measures which. Allow, for, deviation. On specific. Limited, topics. So. Really. The nature of the sea is change, and, weather. Currents. And underwater. Cliffs can. Really challenge. The most experienced, sailors, so. What does it mean in the gdpr, context. It's, really that it's not a static, experience. As Enza also pointed, out there, won't be a point in time not. To mention May, 25th, when you can take the box that you're ready and any. Regulator. Can come and test you it's, going to be a journey where, you have to prepare, for. Maneuvering, very, in an agile way. So. It's not a question that basically, the GDP, our requirements. Are setting the bar, higher, but. Also bear in mind that, most of those data, principles. Have, been in place for a long time basically, since the 80s data. Minimization. Purpose. Limitation. They, are not new notions, but they are now elevated. To a new level so therefore, it will be essential to, look. Through your own practices. And make the best out of it really make, the most the, best possible. Customer. Experience, and make this as a competitive, differentiator. Now. As Enza pointed out as well we have similar experiences. That, companies. Outside, of Europe, are. Hoping that it doesn't apply to them and they're asking the question like ok I understand. It's so complicated. But is this really for me I don't, think so well, I think the bad news is that it would even apply for Santa Claus not, only because he's a Finnish resident, with, his main establishment.
In Lapland, but because his market, is targeting, the European, Union so. Think, about it in that way that. Single employee in, Europe. Or, any, customers. In, the European, Economic, Area will. Trigger the applicability, of the, GDP are. These. Days of the, fourth Industrial, Revolution every. Company, is a data company just, stating the blatantly, obvious it doesn't matter whether you are in financial services in. Manufacturing. Or retail, education, government health, in every industry you deal, with personal, data, so. What. Does that mean, in practice, for your organization. What, are those changes which. You have to prepare, for I mean, just stating again the obvious that there, are enhanced, privacy rights, introduced, under the GDP are and. Increased. Duty of, basically. Protecting, data I. Don't. Think it's underpinned. In any better way than really, listening, to the news every, day in, the past weeks, months years about. Data breaches or, new forms of data harvesting. Which, are challenging. Also. Regulators. To, apply, the GBP. Are in a practical, manner so. I think again. Back to the, sailing. Metaphor, you, have to prepare, for the unknown you, have to have good mitigation. Plans in place so. That you can manage those, unforeseen. Circumstances. And not, allow them to undermine. Your business, and cause reputational. Harm or. Stock. Price drops if you're a publicly, traded company and not to mention the fines which are also coming. So. In practice, this really, means, stricter. Controls. Better. Data governance for. Transparency. And then. Really enhanced, policies. To, take control of data subject, rights as well, so. How can technology, help, there, I mean. We. Had a webcast, a few months ago where. Some. Of the representatives of. SIP, Hill and big. Four consultants. Were. Sharing some thoughts and feedback about Derrick's. With. Discussing. The, gdpr with customers, and as, you can see in some of the highlights from the quartz. Sustainability. And automation. Has been emphasized. Technology. Is a great Avenue to. Reach, compliance. Although, unfortunately there, is no green button to click to make you gdpr, compliant. Think. About it as building a ship that. What. Technology, providers, can do is really provide you, with building, blocks which.
Are Themselves. Gdpr. Compliant. With, built in privacy. So. For example for Dynamics 365. We have 19 white papers, already published, on our, services, trust portal under the, trust. Center and, those. Can basically be, good building blocks for you to build your story, towards, your customers, and regulators, why. Privacy. By design has, been implemented. In, all segments, of the technology, you're leveraging. We. Have committed, already last, April. That all, our online services. Will, be gdpr, compliant. By May 25th, when enforcement, begins now, you can say that's not a big thing because that's the law anyway, but. We have actually. Started. To work through and really re-engineer. Our systems, and, build. Those, additional. Privacy, and security controls. In the systems, to give an example for our software, development, we. Have been. Basically. Developing, a so called software development, lifecycle. Which then turned into an ISO standard. Many. Many years ago and now this has been something which was highly appreciated, by the Norwegian, regulator, who, was the first regulator, to, publish, guidelines, on privacy, by design and, how, that can be achieved in, practice and called out as a best practice and. This. Is all. Sunk. Basically, backed up and supported. By contractual, commitments. So, since, September, 2017. We have implement. GDP. Our terms into, our online services, agreements. The online services, terms which. Reflect, the requirements. For, us as a data processor. In. Enterprise, cloud and we. Continue, to. Basically. Fine tune those requirements, as we. Also work through on, how exactly, we will be able to support, your compliance, in details. And as, I mentioned the need, for a, lot, of documentation, and. I. Think if I leave you with one takeaway that that's really, it, the. Documentation. Will be so important, since, the rules under the GDP are not black and white you. Will not be told exactly what, to do so. What. Our advice, is to all customers, is that really think through your data strategies. And then, document, everything so. You can demonstrate. Best. Efforts, and all the goodwill to. Regulators. In case of any questions. So. What are really the few steps to prepare. For, for the GDP, are I, mentioned. Oriya the simplifying. Your. Journey privacy. Journey and also compliance, journey and leverage technology. But. Bear. In mind that will really need a very. Detailed analysis, of how that implementation. Works, best for your industry for your data flows for your processes. Obviously. You start and only two months ahead. Of the of the, enforcement, you. Are obviously in. The 30 percent who. Are who feel ready but if not and you're, still, sort of thinking about a couple of additional measures once. You're through your, data. Inventory. And risk analysis. And then. You have identified. The gaps again. Fully agree with Enza that you have to prioritize your, list risks, and then, leverage, expert, support Microsoft. Also, has a huge, partner, network who, are very well equipped to help you through, your GDP, our journey, and, bear. In mind every chain is as strong as its, whistling, so. It, will matter more than ever before, with whom you work with and. Actually. Those, conversations. Prompted. By the GDP, are are. Really part of a good risk management strategy, anyway, and to have a more holistic approach about, security. So. I think it's fair to state that size, will matter in this context. Because. Companies, who have the right resources, and. Are serious, about security. And, compliance. Will. Be better, partners. To. Basically. Work with since. The GD P R is introducing. A shared responsibility model. That. Means that also for, Microsoft, has a data processor, by, law we will have a much higher exposure. Ourselves. And we. Will be sitting in the same boat much, more than ever before, so. I think that. You, should really look through your vendors and think. About their capabilities, and. Theirs, their dedication, to, privacy. And compliance and, also track record. Microsoft. Has and parallel, end-to-end. View, basically, due, to operating. Our. Authentications. In. Like. Although all the. Authentications. I think 10 billion authentications.
Per Day. Operating. A search engine having, hyperscale, cloud service, by having really, private. And enterprise, email services, in place so. We have so much data in. Place that, it really helps. To prepare, for any eventual cyber, threats, we. Operate Digital, Crimes Unit as you may know where, we work with authorities to help take down botnets. So, all our capabilities. And knowledge, we. Build in our products, so I. Think you really have to look at those capabilities, how. They can help to build your own compliance. Story, and, to. Really close. It off by, calling. Out a few. Steps to take which, are probably. Sort, of almost, evident. By this point. But. You, will see that in our documentation. Which, I mentioned, actually, the, services. Tools. We. Offer are, mapped. Against, these pillars which are discover, manage protect, and report, and all. Our products, take dynamics 365. Various, product, elements, or Azure or office 365, are. Highlighted, a couple of specific features. Take. Relevant. Search from Dynamics. 365. Which, will help you basically. For, your data inventory. And mapping. So. To. Wrap it up we, truly, believe that, gdpr. Is a, great, opportunity to. Look, through your, data, management. Practices. And as. Also. Ends I mentioned, if, you take the right approach and, make the right investments. This will be a great competitive. Differentiator. To, win your customer, trust in your respective, areas so. With that thank, you very much.