Microsoft aligns Office 365 with EU Data Protection Directive

Microsoft has taken steps to make Office 365 more attractive to European and US customers who have to comply with regulatory requirements related to data protection.

The new safeguards come primarily in the form of contractual commitments and new software features. Microsoft hopes the moves will lessen potential concerns about using its cloud-based applications, which are hosted in Microsoft data centres where customers' data is also stored.

When selling Office 365 in Europe, Microsoft will now sign contractual "model clauses" developed by the European Union, which establish safeguards and procedures for protecting data when it is transferred outside the EU.

In European countries with additional requirements, Microsoft will include what it called a "data processing agreement" that goes beyond the EU's Data Protection Directive rules.

In the US, for contracts with health-care companies that have to comply with the Health Insurance Portability and Accountability Act (HIPAA), Microsoft will include Business Associate Agreement (BAA) contract provisions drafted by the US Department of Health that address legal requirements around patient data privacy and protection.

Related:

"We want to help customers move with confidence and security to the cloud and be compliant with obligations to HIPAA and EU data protection rules," said Stephen McGibbons, Microsoft CTO for the EMEA (Europe, Middle East and Africa) region.

Microsoft is also re-launching the Office 365 Trust Center, a website with information about the product's privacy and security practices that has been redesigned to make it easier to use.

Although businesses are becoming more comfortable with cloud-hosted software, companies in heavily regulated industries such as health care and finance tend to be more apprehensive, as they have to be careful not to run afoul of data protection regulations.

"We want to make sure that customers using our cloud services can demonstrate that they're complying with their regulation responsibilities, and we also want to make it easier for customers to move to the cloud quickly," McGibbons said.