NOVARIC® – GDPR Security and Compliance Policy
The most effective end-user documentation will be customized guidance and instructions you provide for the label names and configurations you choose. You can use the label policy setting Provide users with a link to a custom help page to specify an internal link for this documentation. Users can then easily access it from the Sensitivity button:
- For built-in labeling: Learn More menu option.
- For the Azure Information Protection unified labeling client: Help and Feedback menu option > Tell Me More link in the Microsoft Azure Information Protection dialog box.
To help you provide your customized documentation, see the following page and downloads that you can use to help train your users: End User Training for Sensitivity Labels.
You can also use the following resources for basic instructions:
- Apply sensitivity labels to your files and email in Office
- Automatically apply or recommend sensitivity labels to your files and emails in Office
- Azure Information Protection unified labeling user guide
If your sensitivity labels apply encryption for PDF documents, these documents can be opened with Microsoft Edge on Windows or Mac. For more information, and alternative readers, see Which PDF readers are supported for protected PDFs?
Overview
NOVARIC® GDPR Security and Compliance Policy ensures the protection, classification, and governance of personal and sensitive data in compliance with the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). This policy applies across NOVARIC®’s digital ecosystem, helping detect, classify, and secure sensitive data stored and shared within Microsoft 365 services, including Exchange, OneDrive, SharePoint, Teams, and Purview Assets.
1. Description for Users
NOVARIC® GDPR Security and Compliance Policy is designed to protect individuals’ privacy rights and ensure regulatory compliance across all NOVARIC® digital platforms. This policy helps detect, classify, and secure sensitive information within emails, documents, and shared files by automatically applying sensitivity labels. These labels provide encryption, access control, and content markings to ensure compliance with GDPR and data protection best practices.
Users will see automatic or recommended labels when working with sensitive content in Exchange, OneDrive, SharePoint, Teams, and Microsoft 365 applications. The system ensures that sensitive data is not accidentally shared or accessed by unauthorized users. Additionally, users must provide justification when modifying or removing applied labels, reinforcing security and accountability in handling personal and confidential information.
For guidance on applying labels and managing compliance, visit NOVARIC® GDPR Compliance Hub or contact NOVARIC® IT Security Team at security@novaric.co.
2. Description for Admins
Administrators play a critical role in enforcing data protection policies, managing sensitivity labels, and ensuring GDPR compliance within the NOVARIC® digital ecosystem. The NOVARIC® GDPR Security and Compliance Policy equips admins with the tools to configure, monitor, and maintain data classification, encryption, and content protection across Microsoft 365 services.
Admin Responsibilities:
- Policy Enforcement: Ensure that sensitivity labels are correctly applied and maintained across documents and communications.
- Auto-labeling Management: Configure and review automated labeling policies for high-risk data categories.
- User Compliance Monitoring: Use Microsoft Purview compliance reports to track labeling activities and detect policy violations.
- Incident Response: Investigate and remediate data leaks, unauthorized label removals, and other compliance breaches.
- Training & Support: Provide users with guidance on correctly applying sensitivity labels and understanding GDPR compliance.
Technical Implementation:
- Configure sensitivity labels via Microsoft Purview to enforce compliance.
- Apply content marking, encryption, and access control to classified documents.
- Use Microsoft Defender for Cloud Apps to monitor data exfiltration risks.
- Enable justification prompts for label downgrades or removals.
For more details on label policies, visit Microsoft Sensitivity Label Documentation or contact NOVARIC® IT Security Team at security@novaric.co.
3. Purpose of the Policy
- Ensure GDPR compliance for all personal and sensitive data handled by NOVARIC®.
- Automate data protection using sensitivity labels for classification and access control.
- Facilitate data subject requests (DSRs), enabling easy retrieval and export of personal data when required.
- Prevent unauthorized access, leaks, or breaches of confidential information.
4. Scope and Implementation
- Scope: Files & data assets, emails, Exchange, OneDrive, SharePoint, Teams, and Purview Assets.
- Auto-labeling: Automatically applies labels to sensitive content based on predefined rules.
- Access control: Restricts file sharing and content modification for sensitive data.
- Content marking: Watermarks, footers, and headers with the label “NOVARIC® – GDPR Security and Compliance Policy”.
5. Labeling Mechanism
- Default Labeling: This policy is applied automatically to all newly created or modified documents and emails containing personal or confidential data.
- Mandatory Labeling: Users are required to apply sensitivity labels before sharing documents or sending emails.
- Justification for Downgrades: If a user attempts to lower or remove a label, they must provide a justification.
- Encryption & Rights Management: Protects files with encryption, preventing unauthorized access or sharing.
6. User Responsibilities
- Apply the correct sensitivity label based on the content classification.
- Ensure compliance with GDPR principles, including data minimization, accountability, and integrity.
- Report any data security concerns to NOVARIC® IT Security Team.
7. Additional Resources
For detailed guidance, visit NOVARIC® GDPR Compliance Hub or refer to Microsoft’s Sensitivity Label Documentation here.
For support, contact NOVARIC® IT Security Team at security@novaric.co.