Save Big Money for GDPR using Microsoft Compliance Manager


If you are subscribing to an email list for your favorite companies, you have seen the General Data Protection Regulation (GDPR) information and updated privacy policies sent because of this. As a consumer, it offers some phrases like “right to be forgotten” and some powerful tools that aim to give user protections back. But, if you are a small business, this most likely affects you.

How does this affect you?

First question to ask is, “Do I market or interact with anyone from the EU and take/see any information about them?” This is starting as broad as possible due to scope of this regulation; if yes, then keep reading.

As we began our journey into compliance, a business-owner looks to professionals to aid with concerns.

Overnight, hundreds of “GDPR Experts” on Linkedin and “GDPR-As-A-Service” offerings appeared. This shows the confusion and fear in the market around the topic.

As a startup or business that is bootstrapped, these consultants can charge anywhere from $200–400+ an hour… and that is at the lower end we have found. Many big law firms and CPAs added that as a service they offered, meanwhile they are only just trying to learn it as they go, like we all are.

Where to Begin?

Well I have good and bad news. The bad news is that as a business you CANNOT ignore this. But, the good news is that there are tools out there for the software that your business already uses to aid this and reduce the cost. Increasing cost and high fees are something to be mindful of; most do not have a slush fund of cash for adding another C-Level Exec Data Officer that specializes in GDPR and data privacy.

Microsoft to the rescue… Compliance Manager is a new internal and reporting system that Microsoft is rolling out for customers of practically any service you consume of theirs; the access comes included.

Sample Dashboard of Microsoft Compliance Manager

Key Pillars of Compliance

Some of the requirements “on-paper” needed for GDPR is having a Data Controller and Data Processor.

  • Data Controller: An individual or organization (you can have joint controllers) that decides how, what, and why data is collected. They may store this data using another company’s cloud servers. For example, a website that collects customer data is a controller.
  • Data Processor: An individual or organization that stores data on behalf of the controller(s) and processes these data upon request. For example, Office 365 Business data storage acts as a processor and is fully GDPR compliant.

Consultants are outsourcing this and Data Protection Officer (DPO) roles, but a business may be able to use the tools Microsoft provides as part of their service.

Right off the bat, this can save thousands of dollars in employee salaries and fees!

This may make you wonder and the answer is yes; automation tools Compliance Manager can act as BOTH a controller and processor for the manager on your team handling this.


Regardless of revenue or employee size, reporting is one of the words written many times in the Doctrines and Articles of GDPR. Internal processes and reporting will be needed if ever audited. This can be as simple as clicking “Assign” and “Assess” in Compliance Manager.

Another unique feature we found useful is the Compliance Toolbox is for Employee Training. A team doesn’t have to be C-Level in order to be trained. Outsource or paying for seminars are an option, but Microsoft offers Summary and Resources for training. It includes videos, quizzes and overview. This is just another level of due-diligence that can be met on your team when regulators want to see what measures are in place.

Any business that is looking to comply and offer unique insight to their customers, we highly recommend spending some time around the compliance tools that Microsoft has to offer. We are already are seeing huge savings and immense value from this.

We have active communities on Twitter, Reddit and Telegram; watch these social media channels for the newest from our team!