Customer Insights: Data privacy and GDPR

How does Customer Insights ensure compliance with GDPR and data protection?

Customer Insights is fully GDPR-compliant. It is a data processing tool that offers Data Controllers, i.e., the customers, facilitation for compliance.

Regarding data security, all data at rest is encrypted. Customer Insights utilizes state-of-the-art 256-bit AES encryption, which is native to the Azure storage it uses. This encryption is transparent to users. Users also have the option to bring their own encryption keys. Data is transmitted over HTTPS, ensuring encryption during transfer.

Do consumers have access to the collected data?

Customer Insights does not directly collect data from end consumers. It only incorporates data from an organization's or company's systems into Customer Insights, as desired by the company's administrator.

Can the unification of data sources in Customer Insights be reversed?

Yes, the unification of data from different sources can be configured to allow the removal of sources or the addition of new ones at any time.

Is it possible to restrict what can be done with the data in Customer Insights?

Yes, this is entirely controlled by the administrator in an organization or company that uses Customer Insights.

How are changes propagated to customer and partner systems when users want to remove their data from Microsoft's data lakes? What about the right to be forgotten?

Data is incorporated into Customer Insights from an organization's or company's systems. When data is removed, it is transferred to the Customer Insights application during an update or refresh process.

The "right to be forgotten," i.e., the removal of personal data from an organization's or company's customer data, is an important protection under the GDPR. Deleting personal data involves removing all personal data and system-generated logs, except for audit log information. Customer Insights provides the following in-product options for deleting personal data for a specific customer or Customer Insights user:

• Managing deletion requests for customer data: Customer data in Customer Insights is ingested from original data sources outside of Customer Insights. All GDPR deletion requests must be performed in the original data source.
• Managing deletion requests for Customer Insights user data: Data is created by Customer Insights, and all GDPR deletion requests must be performed within Customer Insights.

Do we have resources to assist customers in maintaining compliance with their customer data unification? How are companies supported in responding to their customers' data discovery requests?

We assist our customers in finding, refining, and validating data using intelligent search tools, enabling them to respond quickly and effectively to scenarios such as fulfilling legal requirements, customer inquiries, and investigations.

How does Microsoft ensure that privacy takes precedence over commercial gain?

Much of the potential of new technologies relies on analyzing large volumes of data to gain new insights, create innovative services, or simply make everyday tasks a little easier. However, the ability to leverage data must go hand in hand with protecting the privacy of the individuals whose information forms the basis. Managing, storing, and processing this data brings new responsibilities for Microsoft. Microsoft's approach to privacy is based on the belief that our customers own their data, and we support this belief with concrete measures to protect their privacy and give them control over their data. We only use customer data to deliver the agreed-upon services and do not utilize it for marketing or advertising purposes.

How does Microsoft combine data privacy with data security?

Microsoft employs over 3,500 cybersecurity experts who provide security measures to protect against, detect, and respond to potential threats.