Empowering teams to understand, map, and mitigate data privacy risk with Microsoft 365.
Following Schrems II, organizations who use US-based cloud service providers face greater uncertainty related to GDPR requirements than ever before. The Privacy Shield is now gone and Standard Contractual Clauses, for so long the bedrock of EU-US data transfers, are no longer sufficient. As a result, many organizations have delayed a decision to assess a move to Microsoft 365, and some organizations that were mid-project have paused their work until there is further clarity, and / or the EU Data Boundary is in place.
Data Protection Impact Assessments helps organizations considering adopting Microsoft 365 or those with a stalled implementation to understand and mitigate any GDPR-related risk and concerns. Through this process we help organizations map and mitigate any GDPR-related risks or concerns, so that they can move forward confidently with adoption of Microsoft 365 without the need to wait until the EU Data Boundary is in place. The steps we follow include 1. Risk Identification: Lighthouse experts review internal data to identify risks related to GDPR data privacy requirements for your organization. 2. Roadmap to Risk Mitigation: Our team provides specifics on how to manage any identified risks through a combination of people, process, and technology options. 3. Accelerated Adoption: With a DPIA, organizations can unstick M365 projects stalled because of concerns around data privacy risk related to GDPR.
A Structured 8-week engagement consisting of 5 phases
Set the Foundation
Define the scope