Fear of the delete button – Microsoft and compliance – Stefanie Jacobs – Ep69

Compliance of data continues to trouble many business execs; whether IT focused or not, it is high on the agenda for most organisations. Anyone who has listened to this show in the past will know that, while technology plays only a small part in building an organisation’s compliance programme, it can play a significant part in their ability to execute it.

A few weeks ago I wrote an article as part of the “Building a modern data platform” series. That article, Building a modern data platform “prevention”, focussed on how Microsoft Office365 could aid an organisation in preventing the loss of data, either accidental or malicious. It explains how Microsoft have some excellent, if not well-known, tools inside Office365, including a number of predefined templates which, when enabled, allow us to deploy a range of governance and control capabilities quickly and easily, immediately improving an organisation’s ability to execute its compliance plans and reduce the risk of data leaks.

This got me to thinking, what else do Microsoft have in their portfolio that people don’t know about? What is their approach to business compliance and can that help organisations to more effectively deliver their compliance plans?

This episode of the podcast explores that exact topic. This is a show I’ve wanted to do for a while, and I have finally found the right person to help explore Microsoft’s approach and what tools are quickly and easily available to help us deliver robust compliance.

This week’s guest is Stefanie Jacobs, a Technology Solutions Professional at Microsoft, with 18 years’ experience in compliance. Stefanie, who has the fantastic twitter handle of @GDPRQueen, shares with fantastic enthusiasm the importance of compliance, Microsoft’s approach and how their technology is enabling organisations to make compliance a key part of their business strategy.

In this episode we explore all the compliance areas you’d ever want, including the dreaded “fear of the delete button”. Stefanie shares Microsoft’s view of compliance and how it took them a while to realise that security and compliance are different things.

We talk about people, the importance of education and shared responsibility. We also look at the triangle of compliance, people, process and technology. Stefanie explains the importance of terminology and understanding exactly what we mean when we discuss compliance.

We also discuss Microsoft’s 4 steps to developing a compliance strategy, before we delve into some of the technology they have available to help underpin your compliance strategy, especially the security and compliance section of Office365.

We wrap up with a chat on what a regulator looks for when you have had a data breach and also what Joan Collins has to do with compliance!

Finally, Stefanie provides some guidance on the first steps you can take as you develop your compliance strategy.

Stefanie is a great guest, with a real enthusiasm for compliance and how Microsoft can help you deliver your strategy.

To find out more about how Microsoft can help with compliance you can visit both their Service Trust and GDPR Assessment portals.

You can contact Stefanie via email Stefanie.jacobs@microsoft.com as well as follow her on twitter @GDPRQueen.

Thanks for listening

If you enjoyed the show, why not subscribe, you’ll find Techstringy Tech Interviews in all good homes of podcasts.

While you are here, why not check out a challenge I’m undertaking with Mrs Techstringy to raise money for the Marie Curie charity here in the UK, you can find the details here.

Taking a GDPR Journey – Mike Resseler – Ep63

GDPR has been a constant business conversation over the last 18 months or so; it’s discussed in the press, on the news and social media, as well as in a handful of episodes of this podcast. However, much of the conversation has focussed on what you should be considering and doing to take on the GDPR challenge, while very little has come from those who have already made great strides on their compliance journey.

With that in mind, a few weeks ago I read a fascinating series of blogs from software company Veeam. The series discussed the 5 principles they followed to build their compliance program. What was interesting was that the posts talked about the practical steps they took: not the technology they deployed, or how their technology could help you, but their experiences and the challenges they faced building their business compliance program.

As many of us are currently on our own compliance journey, I thought the opportunity to chat with someone who is already well down this path would be of real interest, so in this week’s podcast I’m joined by Mike Resseler. Mike is a Director of Product Management, but is also a key member of Veeam’s global compliance team and has played a significant part in the way they have dealt with the challenges posed by GDPR.

In this week’s show Mike shares with us Veeam’s experience. We start at the beginning with the initial advice they took and research they did into what GDPR meant to them. We discuss the importance of putting together the right team to deal with business compliance and why it was important to realise the scope of the work they were about to undertake.

Mike also explains how it was important that Veeam saw GDPR as something that would have a positive impact on the business and how, although technology would play a part, this was something that would need a focus on people, workflow and procedures.

We also discussed how not everyone was enthused by the idea of business compliance, seeing GDPR as just a European problem, and how it was important that the compliance team educated the whole business on the importance of compliance.

We also look at the practicalities of building a compliance program as Mike shares the 5 principles Veeam developed to help them. We look at those steps: knowing your data, managing your data, protecting the data, documentation and continual improvement. We discuss the importance of each step and the part they have played in building a global compliance program.

We wrap up looking at the future, discussing continual improvement, training and the way that Veeam are making compliance integral to everything they do across their business.

I hope you enjoy the fantastic insight that Mike provides into the way a company builds a compliance programme and tackles regulation such as GDPR.

To find out more from Mike you can find him on twitter @MikeResseler.

The original blog posts that inspired this episode can be found here https://www.veeam.com/executive-blog/our-journey-to-be-gdpr-compliant.html

Mike and his team have also produced this video in which they discuss how to accelerate your GDPR efforts https://www.veeam.com/veeamlive/accelerate-your-gdpr-efforts.html

Hope you enjoy the show and until next time, thanks for listening.