Q&A: How is Microsoft preparing for the GDPR deadline?
With less than a month until the GDPR compliance deadline is upon us, companies more than ever need to be ensuring that they deal with data securely in the face of increasingly demanding regulatory requirements.
Speaking to Mike Yeh, Microsoft’s Assistant General Counsel of Corporate External and Legal Affairs for MEA, we find out how Microsoft is preparing for the GDPR deadline, and how recent data scandals have changed the way the US tech giant looks at the way it deals with data.
Is effective data management becoming paramount in the wake of significant data breaches, such as those experienced by Yahoo and Equifax?
Yes. Microsoft recognises the increasing importance of data to every business and to each individual and is committed to the privacy and security of our customers’ data. We believe that the digital information our customers create and store using our cloud services is and remains the property of the customer. Users will always have complete visibility into where their data is located and how it’s managed.
Having released the company’s findings in Microsoft’s GDPR Compliance Report, what is the general consensus about the GDPR readiness of EU companies?
The new GDPR is the most significant change to European Union privacy law in two decades and is likely to become a global baseline for data protection. While many companies are taking steps now to ensure compliance by 25 May 2018, when the law comes into effect, some companies, particularly those outside of Europe, will likely not be ready. Microsoft is committing to be GDPR compliant across our cloud services when enforcement begins on 25 May, and we are committed to our principles of cloud trust-security, privacy, transparency and compliance.
Would you say companies have underestimated the requirements for meeting GDPR effectively?
Yes, especially companies outside of Europe that offer goods and services to people in the EU or that collect data tied to EU residents. Some companies don’t realise the GDPR can apply to companies outside of Europe and others don’t think it will be enforced against companies outside of Europe. Given expectations that GDPR will become a global baseline for data protection, GDPR compliance should be prioritised by all companies.
Aside from the obvious regulatory need for GDPR compliance, are organisations able to turn their improved data management into a beneficial asset in other ways?
For African and Middle East businesses looking to do business with the European Union, non-compliance could mean non-business. If businesses are to remain relevant in today’s market, digital transformation coupled with data protection must exist at the heart of their business models. Cloud services can help companies implement a modern data governance structure to understand when they are handling personal data and manage such data more efficiently and effectively across their organization.
Given the size of the European market and the increasingly global nature of business, companies that are using GDPR compliance as a milestone to drive business transformation will emerge with a significant advantage. While future technologies will empower people to seamlessly collaborate and access information, anywhere and across any device and tap into artificial intelligence (AI) and machine learning to stay a step ahead of customer needs and competitive threats, the ability to deliver such solutions in compliance with GDPR will help build customer and consumer trust.
How has Microsoft itself prepared for GDPR?
Microsoft has extensive expertise in protecting data, championing privacy, and complying with complex regulations, and currently complies with both EU-US Privacy Shield and EU Model Clauses. We believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights.
We are committed to GDPR compliance across our cloud services when enforcement begins, and provide GDPR related assurances in our contractual commitments. When small businesses use the Microsoft Cloud to process data they will be using services already compliant with the highest standards in data protection.
Outside of small businesses, we also recently announced new parental consent requirements for accounts held by children in the EU. To implement parental consent requirement in the GDPR, Microsoft is relying on the high standards afforded under the US Children’s Online Privacy Protection Act (COPPA) to verify parental consent for children’s accounts across our product platforms. We have already started to roll out the necessary notifications to our users in many EU member states, and we will complete the rollout by the end of April.
What key challenges has Microsoft faced in preparing for GDPR?
At its heart, the GDPR is about guaranteeing the privacy and integrity of individuals’ data. Microsoft is working on our own compliance, but our key challenge and opportunity is ensuring that our cloud services make it easy for customers to comply with the GDPR. The release of contractual commitments is an example of steps we are taking to help our customers prepare for the deadline. We’ve also made other GDPR resources available on our Trust Center to help companies assess their readiness.
Would you say the company has taken adequate steps to ensuring that it deals with data responsibly, particularly in the wake of the Cambridge Analytica, Facebook scandal?
For users to effectively exercise their right to control their data, they must have access and visibility to that data. Users must know where it is stored, and they must also know, through clearly stated and readily available policies and procedures, how cloud providers secure their data, who can access it, and under what circumstances.
We don’t use customer data for advertising or commercial purposes. Microsoft access to customer data is limited to key personnel on exception basis. Microsoft personnel only access customer data for troubleshooting and malware prevention. Further, in the event that customer data is compromised, Microsoft will notify customers.
Are digital skill shortages impeding progress in the way of GDPR compliance?
Within MEA, digital skills are a challenge, but the primary challenge is the assumption that the GDPR only applies to companies in Europe. Even some of the most sophisticated companies in the region who clearly offer goods and services in Europe have taken the position that GDPR compliance does not need to be prioritised, which may not be a smart decision in the long run.
That said, GDPR is a great opportunity to accelerate programs to increase digital skills in each community and country in the region. There is arguably an opportunity for people to specialize in GDPR compliance where they learn how to create a data governance regime and can advise companies on the four areas of focus – discover, govern, protect and report.
How will the GDPR regulations affect companies outside of Europe?
Although GDPR is designed to strengthen data protection within the EU, Middle East and African businesses wanting to do business with the EU are definitely affected as GDPR applies to businesses that offer goods and services to people in Europe, even if those businesses are based outside of Europe. Even companies that don’t offer goods or services in Europe should anticipate that the GDPR will likely become a global baseline for data protection.
If businesses are to remain relevant in today’s market, digital transformation coupled with data protection must exist at the heart of their business models. Cloud services can help companies implement a data governance regime, but the first step is ensuring that the underlying cloud service is GDPR compliant. By 25 May, businesses that use the Microsoft Cloud to process data – be it Office 365, Dynamics 365, Windows 10 or Azure – will be using services compliant with the highest standards in data protection.
IoT market expected to grow due to increase in IoT use cases
An increase in the internet of things use cases is expected to drive the IoT service market, according to the IoT Services Global Market Report 2021: COVID-10 Growth and Change to 2030.
IoT has found its use in many areas over the years. It can be used in manufacturing, farming, smart cities, transportation and in many other industries and fields.
Due to the fact it can be utilised in many industries, there is an increased need for IoT services and applications. IoT services that provide support by delivering services such as consulting, data management, network management and security services, are in much higher demand.
The impact of COVID-19 on the IoT services market
According to the report, the global IoT services market is expected to grow from $139.24 billion in 2020 to $162.39 billion in 2021 at a compound annual growth rate (CAGR) of 16.6%.
In the coming years, the IoT managed services market size is expected to reach $381.16 billion in 2025 at a CAGR of 24%.
This growth lends itself to companies resuming operations and adapting to the new normal as we emerge and recover from the pandemic.
Previously, COVID-19 restrictions led to restrictive containment measures, remote working and the closure of commercial activities that resulted in operational challenges.
IoT use cases driving growth
The IoT services market consists of the sales of IoT services and their related products. IoT services are delivered by the IoT services providers. These providers provide consulting, security and analytics services as per the requirements of the business.
Major players in the IoT services industry are Cisco Systems, Cognizant, Google, Infosys and Tieto Corporation, to name a few.
An increase in IoT use cases is expected to drive the IoT service market; this is where IoT can be used to automate processes and increase productivity. As it has found many uses cases over the years, this increases the demand for IoT services and this is expected to drive growth.
Enhancing deployment workloads with edge or cloud computing
Despite the expected growth, low enterprise adoption is expected to hinder the IoT services market. Although IoT has its use in many industries, due to factors such as low awareness, enterprise adoption is low, the report states.
Only 29% of enterprises have adopted IoT solutions according to the Omida data survey.
Edge or cloud computing however is enhancing the deployment workload on IoT devices, according to the report. This solution facilitates data processing and data storage in the cloud.
Microsoft released its Azure IoT Edge recently. This fully managed service is built on Azure IoT Hub. By moving certain workloads to the edge of the network, businesses that utilise Microsoft’s IoT platform spend less time communicating with the cloud, react more quickly to local changes and operate reliably in extended offline periods.
The IoT Services Global Market Report 2021: COVID-19 Growth and Change to 2030 is one of a series of new reports from The Business Research Company that provides an IoT services market overview