Suppliers for Microsoft who handle sensitive information are likely aware that the Supplier Security and Privacy Assurance (SSPA) program data protection requirements were updated to address the General Data Protection Regulation (GDPR) coming out of the EU. GDPR will take effect on May 25, 2018.

Suppliers need to be aware of these new requirements to remain compliant. In addition, other existing requirements were clarified or enhanced, and others still were removed.

As the May 25 deadline approaches, we recommend you have in place, at a minimum, the following:

  1. A Data Classification and Privacy Governance Policy
  2. An IT Asset Inventory document listing the hardware and devices connecting to your network and accessing data
  3. Updates to your current privacy policy and terms and conditions, both externally and internally

Clark Nuber is able to help you in your compliance efforts by assisting with policy templates and mapping compliance control.

For a detailed explanation about the changes, read my blog post from October 17, 2017.


Please contact Pete Miller if you have questions or need assistance with GDPR compliance.

© Clark Nuber PS and Developing News, 2018. Unauthorized use and/or duplication of this material without express and written permission from this blog’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Clark Nuber PS and Developing News with appropriate and specific direction to the original content.

This article contains general information only and should not be construed as accounting, business, financial, investment, legal, tax, or other professional advice or services. Before making any decision or taking any action, you should engage a qualified professional advisor.