Of course your company does not want to throw away 20 million euros or 4% of your annual turnaround for not having data related to EU citizens regulated. Azure Infrastructure team understands that too. That is why they are planning to introduce the Data Subject Request (DSR) capability with Azure in near future.
GDPR Compliance is centered around the following concepts
- Right to Access
- Personal Data Defineation
- Breach Notification
- Right to be forgotten
- Privacy by Design
- Data portability
- Data Protection Officers (DPO)
Additionally, administrators will be able to perform actions per requests by the users related to their personal data on following fashions;
- Access - Provides a copy of personal data to a subject
- Rectify - Make changes or implement other actions
- Delete - Permanently delete data stored within the cloud
- Export - Provide data in a machine readable format that can be transferred to another controller.
Microsoft sources this will be available before 23rd May, which will be the deadline for GDPR initialization.