At the time of the announcement of the OST changes, Brill stated that Microsoft will “increase our data protection responsibility for a subset of the processing that Microsoft uses in providing services to businesses.” The RGPD requires a contract between each manager and a subcontractor when personal data is transmitted. This means that Microsoft is either required to sign its customer`s processor agreement, or if microsoft offers a product or service to the customer, Microsoft can then write the contract. The RGPD also requires a subcontractor (Microsoft) not to accept the personal data of a processing manager in the absence of a contract and notify the person in charge. So the question is, where is the processor addendum for the RGPD? It is certainly not on the resource side of the RGPD. SalesForce has one. Oracle has one. AWS has a way out. To prepare for the General Data Protection Regulation (GDPR), please consult the resources available www.microsoft.com/gdpr. For this topic, see FAQ . Well, have you contacted the support? support.microsoft.com/en-us/help/28808/microsoft-store-contact-support “This subset of data processing is intended for administrative or operational purposes, such as account management; Financial reporting Combating cyberattacks on Microsoft products or services; and compliance with our legal obligations,” she added. I found information on the MS websites that such an agreement exists. Although I need it in Polish, it would be a good start “If law enforcement contacts Microsoft with a request for processed data, Microsoft will try to redirect law enforcement to request this data directly from the customer. If Microsoft is obliged to transmit processed data to law enforcement agencies, it will immediately notify the customer and provide a copy of the claim, unless it is prohibited by law,” Microsoft said.

You`ll find Microsoft`s contractual obligations regarding the RGPD in addendum data protection for online services, which provides Microsoft`s privacy and security obligations, data processing conditions and RGPD conditions for Microsoft-hosted services, which customers subscribe to under a volume licensing agreement. These conditions require Microsoft to impose section 28 of the RGPD and other relevant articles of the RGPD on processors. Can someone help me and tell me where I can download or get this deal? The OST update “specifies that Microsoft assumes the role of data manager when we process data for administrative and operational purposes in order to provide cloud services covered by this contractual framework, such as Azure, Office 365, Dynamics and Intune.” Yes, yes. The RGPD requires controllers (z.B. organizations and developers who use Microsoft`s online services) to use only processors (z.B. Microsoft) that process personal data on behalf of the processor and provide sufficient safeguards to meet the essential requirements of the RGPD. Microsoft has made these commitments proactively for all of the company`s online customers as part of its subscription contracts and for volume license customers as part of their enterprise agreements. Customers of other enterprise software generally available and licensed by Microsoft or our affiliates will also benefit from Microsoft`s RGPD obligations, as described in this notice, as long as the software processes personal data. Microsoft Support Contact: support.microsoft.com/en-us. Dpa online terms of service include issues related to the ownership of the data processed, the handling of personal data in accordance with the RGPD rules, infringement notifications, legal issues relating to data transfer between countries, data retention, disclosure and compliance with requests for data, HIPAA regulation and the new California Consumer Privacy Act (CCPA).

Microsoft applies the ccpa rules to all U.S. users.