none
Microsoft Azure GDPR Data Processing Addendum RRS feed

  • Question

  • I'm looking for the Microsoft Azure GDPR Data Processing Addendum. Does anyway knows where I can find these compliance documents? 

    Background info: 

    At the moment we're using the "Application Insights" in Microsoft Azure for application logging and application monitoring. We're also keeping some personal data for a short period of time within this application. 

    Effective from the 28th of May 2018, we have to comply to the General Data Protection Regulation (GDPR) that becomes active in the European Union.

    Related to this regulation, we've already ensured that our application are running in Microsoft data centers in Europe, but additional I would need a Data Processing Addendum for the contract between Microsoft and my company. 

    Tuesday, December 12, 2017 2:37 PM

Answers

All replies

  • Something here may help.

    https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/application-insights/app-insights-troubleshoot-faq.md

    I'd ask for help over here.

    https://social.msdn.microsoft.com/Forums/vstudio/en-US/home?forum=ApplicationInsightsv

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Wednesday, December 13, 2017 3:30 AM
    Moderator
  • Good day ,

    Since the General Data Protection Regulation (GDPR) is a huge issue, Microsoft created a special portal for this which include all the information you need. It is under the "trust center" portal (if you need help in the forum you would be able to get it in the trust center forums), under "Privacy" -> GDPR. You can go to this URL directly:

    https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx

    You can jump directly to the "Get started" section if you already familiar with the topic, or learn a bit more theory if needed (recommended for most people).


    signature   Ronen Ariely
     [Personal Site]    [Blog]    [Facebook]    [Linkedin]

    Wednesday, December 13, 2017 5:22 AM
    Moderator
  • By the way, this is not only becomes active in the European Union. It's much more complex since even if you company is not in the n the European Union but you have users/readers from European Union then you are bound to follow the rules.

    signature   Ronen Ariely
     [Personal Site]    [Blog]    [Facebook]    [Linkedin]

    Wednesday, December 13, 2017 5:26 AM
    Moderator
  • Thank you Ronen for the link to the trust center. I already found the same page yesterday, and noticed the GDPR Whitepaper and compliance manager. However, none of these documents answers my search for a Data Protection Addendum or a formal contract that I would need.

    Furthermore you're right that the GDPR is more complex than I've stated. It's indeed true that when you're a company from outside the European Union (e.g. Israel, USA) that you have to apply the regulation when a person from a European country is visiting your website. 

    I can recommend this paper when you want to read more: https://www.iabeurope.eu/policy/gig-working-paper-on-gdpr-consent/


    Wednesday, December 13, 2017 8:32 AM
  • Is this the document?

    http://www.tfm-now.com/files/tfm/docs/Windows%20Azure%20Data%20Processing%20Agreement.pdf


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Wednesday, December 13, 2017 12:21 PM
    Moderator
  • Hi Richard,

    Yep, this looks like it. However, I noticed that it's coming from tfm-now.com. I would be more convenient with a download from Microsoft.com, but this is already a good starting point. Thnx!

    Regards,
    Jeroen 

     

    Wednesday, December 13, 2017 1:24 PM
  • Hi Jeroen,

    I have no idea where they got this document and/or if this is officially the original document. I used Google advance search and I did not find any place on Microsoft domain that have a version of this document. 


    signature   Ronen Ariely
     [Personal Site]    [Blog]    [Facebook]    [Linkedin]

    Thursday, December 14, 2017 5:15 AM
    Moderator
  • Hi Ronen,

    As written in my earlier reply, I have the same concerns about the link above being an official document. I'll use it as an initial reference for now, but additionally I posted a request to our Microsoft Account Manager. I'll updat this topic once I got a reply.

    Regards,
    Jeroen

    Saturday, December 16, 2017 9:13 PM
  • Great :-)

    Don't forget us. We want to see the thread closed in the best way


    signature   Ronen Ariely
     [Personal Site]    [Blog]    [Facebook]    [Linkedin]

    Sunday, December 17, 2017 7:20 AM
    Moderator
  • I wrote to Microsoft support on the 18th of December, and in their initial reply they've redirected me to the compliance center mentioned in an earlier post in this topic. 

    My follow-up request to send me the formal DPA is open since then. I'll keep you posted ...

    Sunday, December 24, 2017 3:52 PM
  • Any news? since we all need an agreement/contract for GDPR
    Thursday, April 12, 2018 8:51 AM
  • @ JP Hellemons,

    Unfortunately not. My request to Microsoft Support was NEVER answered.

    Today I received an update from Google btw that they've launched their GDPR Compliance features for Google Analytics and last month we also recieved the information from Amazon AWS Cloud services. From our big partners/vendors I'm only waiting on Microsoft at the moment ...

    Thursday, April 12, 2018 11:36 AM
  • Same here. Also received a mail from Google Analytics today. There is a lot of GDPR info available at Microsoft, but the data processing agreements or contracts cannot be found. We store personal data in Azure SQL and use Office365.

    I generated agreements/contract with hotjar today. You can sign them digitally. It was a nice and painless process. Perhaps a good case to look at for other companies: <cite class="iUh30">https://www.hotjar.com/gdpr</cite>

    Thursday, April 12, 2018 12:27 PM
  • I'd probably call it in here to follow up with your request.

    https://support.microsoft.com/en-us/gp/contactus81?Audience=Commercial&wa=wsignin1.0

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Thursday, April 12, 2018 12:38 PM
    Moderator
  • That is rather generic.
    Friday, April 13, 2018 1:39 PM
  • That is rather generic.

    This is "where is" forum for direction on where best to ask questions so we wouldn't have any more information to provide. Seems you'll have to call in to microsoft support to follow-up on your recent contact with support.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Friday, April 13, 2018 2:21 PM
    Moderator
  • I found this relating to MS Online Services. It contains EU Model Clauses & GDPR attachments:

    http://www.microsoftvolumelicensing.com/DocumentSearch.aspx?mode=1

    Scroll down to 'Online Service Terms' and select your language.

    Hope it helps.

    Tuesday, April 24, 2018 2:22 PM