Microsoft has announced the commercial availability Privacy Management for Microsoft 365.

Organizations that need to comply with privacy regulatory requirements have often done so via manual processes. Privacy Management for Microsoft 365 is Microsoft’s solution to simplify and automate many of those processes.

Most of the organizations are using manual processes to track data with privacy implications, 53% of the companies handle subject requests manually, 42% have a partially automated process, and only 2% have automated their response

Microsoft’s privacy solution works across “Exchange Online, SharePoint, OneDrive for Business and Microsoft Teams” services. Organizations will need top-tier E5-type licensing to use it. Privacy Management for Microsoft 365 uses AI to assess privacy risks. It also has an automated discovery process to discover the sensitive data get located.

Privacy Management automatically and continuously discovers personal data in customers’ Microsoft 365 environments by leveraging data classification and user mapping intelligence. Organizations can see an aggregated view of their privacy posture, including the volume, category, location, and movement of personal data in their Microsoft 365 environments. Additionally, they get visibility into the status and trends of the associated privacy risks arising from personal data being overshared, transferred, or unused.

Privacy Management for Microsoft 365 adds three capabilities for organizations overseeing privacy issues.

  • It identifies risks and where personal data is stored.
  • It lets organizations automate their responses to “subject rights requests,” which is the European Union’s term in the General Data Protection Regulation for outside parties requesting personal information stored by an organization.
  • Privacy Management for Microsoft 365 helps educate employees on handling privacy-sensitive information.

Automation of responses to subject rights requests can include Microsoft partner support for the data that’s stored outside of Microsoft 365.  This is supported by Tying up the partner with leading privacy software companies One Trust, Securiti.ai, and Wire Wheel to extend subject rights management capabilities to personal data stored outside of the Microsoft 365 environment, enabling customers to have a unified and streamlined response to subject requests.

The partner support is utilizing an API for Microsoft’s Privacy Management solution, which has reached the general availability stage. The Microsoft Privacy Management solution API lets organizations use their own customizations, too. It includes built-in Power Automate workflows as well.

Two included Power Automate workflows were described in the API announcement, namely:

  • Integrate subject rights requests with in-house or partner-built privacy solution
  • Automate Privacy workflows and create calendar reminders, search files with specific tags, and track subject requests in ServiceNow