EY is collaborating with Microsoft on a broad approach to help address many of the challenges clients are facing around the EU General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018.
The GDPR applies to all businesses offering goods or services to the EU and aims to protect the privacy and security of EU residents’ personal data through the imposition of numerous requirements impacting the entire data lifecycle within most organizations.
The jointly-developed service will use existing and new capabilities from both EY firms and Microsoft to offer the technology and processes that help support compliance and risk management.
Using Microsoft’s Secure Productive Enterprise initiatives inclusive of Microsoft Azure, Microsoft Office 365 and Windows, companies will be able to use their existing investments in technology to comply with GDPR regulations.
The new initiative can expand EY compliance, privacy and data protection offerings, and augments an existing portfolio jointly developed by EY and Microsoft, including services to help organizations sense, resist, react and recover from cyberattacks.
“The GDPR is unlike any other privacy regulation to date. It impacts businesses around the world, and creates challenges that won’t be solved by policy and procedures alone,” says Angela Saverice-Rohan EY Americas Privacy Leader, Advisory. “Additionally, the GDPR presents a tremendous opportunity for companies to strategically manage their compliance in a way that achieves other important value propositions; specifically data enablement, process optimization and risk reduction. Technology is at the heart of this, and the joint initiative by EY and Microsoft will help to create value for clients at all stages of their GDPR journey, beginning at the data discovery phase and all the way through to automation of many aspects of GDPR compliance.”
Paul van Kessel, EY Global Cybersecurity Leader, says: “The GDPR is a major disruptor to our clients as well as our own industries, in both technology and consulting. It will transform how companies manage personal data and is already creating an industry of new point solution providers.
“But, our clients are looking for a holistic way to address the regulation, from initial assessment, through implementation planning and operationalization. They are looking for approaches that integrate privacy and security and that also manage risk across the three lines of defence namely, business operations, risk and compliance and internal audit.”
Brendon Lynch, Chief Privacy Officer, Microsoft Corp. says:
“The European Union’s GDPR represents a significant shift in the way personal data is regulated and it is having global impact. It places more obligations on organizations to take a comprehensive approach to respecting and protecting the personal data they control – no matter where it is stored, processed or sent.”
The alliance between EY and Microsoft, announced in 2015, leverages the combined strengths of both organizations for jointly-developed offerings. Recently, EY announced new joint offerings with Microsoft on cyber managed services and a service to help companies run their SAP® software environments securely on the Microsoft Azure cloud platform.