GDPR and Microsoft’s Data Discovery and Classification

March 30, 2018

On the 25th of May, countries across the European Union will begin enforcing the General Data Protection Regulation (GDPR). This change will not only affect how businesses in the UK and EU operate but also outside of the EU. This means any company who interacts with EU businesses’, residents’ or citizens’ data must conform with the GDPR.

The GDPR is designed to give more control over an individuals personal data by expanding their rights to a level never seen before. The foundation of the GDPR is identifying personal data as the property of the individual and therefore giving them specific rights. These rights include the right to access, to be informed, to rectify, to erase, to restrict processing, to data portability, to object and the right to not be subjected to automated decision making such as profiling.

To comply with these requirements, several key areas of a businesses data protection protocol must be changed. To assist businesses to do this, Microsoft now offers new tools, SQL Information Protection for Azure and SQL Database, and SQL Data Discovery and Classification which offers similar capabilities for on-premises SQL Server (available in SQL Server Management Studio).

Both tools introduce a set of services aimed at protecting the data and not just the database:

Discovery and recommendations – identifies columns containing potentially sensitive data and provides a simple way to review and apply the appropriate classification recommendations.

Labeling – classification labels can be tagged on columns which can then be used for advanced auditing and protection scenarios.

Monitoring/Auditing – the sensitivity of the query results is calculated in real time and used for auditing access to sensitive data (currently only available in Azure SQL DB).

Visibility – a detailed dashboard in the Azure portal and a report in SSMS can be viewed, printed or exported to be used for compliance and other needs.




After the discover and classification steps have been performed businesses can act accordingly to meet the requirements of GDPR such as Dynamic Data Masking or Always Encrypted, which enables the obfuscation and/or encryption of columns in a table.

BizOne is committed to providing services and support to current and future clients to achieve their Business Intelligence and compliance goals. If you would like to discuss your requirements, contact us today!