Microsoft to extend GDPR rights internationally
Tue 22 May 2018

Microsoft has announced that it will be extending the rights contained in the European General Data Protection Regulations to all of its customers around the world.
Microsoft has said that it will extend GDPR principles, which apply in the European Union, to all of its customers around the world. In a blog post, Julie Brill, Microsoft corporate VP and deputy general counsel, wrote: ‘[This] includes the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.’
The company, like so many others, is keen to make clear that it cares about personal data and protecting it. Brill notes that Microsoft has employed more than 1600 engineers to work on GDPR projects since the regulations were passed in 2016. As a result, she wrote, ‘GDPR compliance is deeply ingrained in the culture at Microsoft and embedded in the processes and practices that are at the heart of how we build and deliver products and services.’
However, some in the industry questioned the altruism of Microsoft’s decision. Stephen Gailey, solutions architect at Exabeam, commented: “Microsoft may well have a fundamental commitment to people’s privacy, but extending GDPR rights to its global customer base is undoubtedly the path of least resistance. It’s such a broad regulation, so while no amount of preparation can reduce risk entirely, it’s certainly easier and safer to address GDPR in this way.
“From a data perspective, it costs much less to be consistent across all of your customers. As a true global tech giant, Microsoft could be a prime target for the ICO; the possibility of missing a single EU citizen could be very problematic, and isn’t worth the risk.”
If an organisation is found guilty, enforcers have the ability to levy fines of up to 4% of revenue. As such, companies have been scrambling to bring their policies up to date to ensure they don’t fall foul of the regulations, with some even choosing to delete their entire databases.
Microsoft also likes to play up its dedication to helping other businesses succeed. As part of this, part of its GDPR aims is to help other organisations become GDPR compliant, as well as Microsoft itself.