GDPR's requirements include the following:
- the right to easy access to one’s own personal data;
- the right to secure data protection by design and by default;
- the right to data portability, or the ability for customers to move their data between companies easily upon request;
- the right to know when one’s data has been compromised or breached;
- the right to be forgotten, i.e. the ability to have one’s personal data deleted if there is no legitimate reason to retain the data.
The maximum penalty for GDPR non-compliance would be 20 million euros or 4% of worldwide turnover, whichever is greater.
More information about GDPR is available at www.eugdpr.org and ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en.
Microsoft has published its own GDPR compliance guide and best practices at www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx.
Google has documented its own commitment to GDPR here.