Privacy and personal data for Microsoft Dynamics 365

Microsoft Dynamics 365 is committed to helping our customers meet their privacy and personal data requirements, as well as General Data Protection Regulation (GDPR). In this topic, you will find information and resources to help you understand how Microsoft Dynamics 365 supports protecting and enabling the privacy rights of individuals, and how we provide the information and tools that our customers need in order to define and support their specific obligations. You can read more about the Microsoft commitment to security at the Microsoft Trust Center.

White papers, security reports, penetration tests, and risk assessment tools

To find detailed information about privacy and personal data for Dynamics 365 applications and services, visit Data Protection Resources. This site provides white papers, FAQs, security reports, penetration tests, risk assessment tools, and other resources. In particular, the site provides guidance about about how you should consider enhancing your data protection capabilities and how you might want to think about compliance as a process that has four stages: discover, manage, protect, and report.

Data subject requests

The General Data Protection Regulation (GDPR) is fundamentally about protecting and enabling the privacy rights of individuals. For information about the opportunities GDPR brings for organizations in the context of their business applications, whether there are any specific risks and measures to be taken in the GDPR context, and any potential impact on how business applications need to be used, see What GDPR means for your business applications: the IDC analyst's view.

The GDPR grants individuals (or data subjects) certain rights in connection with the processing of their personal data. These rights include the right to correct inaccurate data, erase their data or restrict its processing, receive their data, and fulfill a request to transmit their data to another controller. The resources in this section will help Dynamics 365 customers respond to data subject requests (DSRs).To find information about what the GDPR requires of controllers (you) and processors (Microsoft) when you respond to DSRs, and how Microsoft enables you to do so, see DSRs on the Service Trust Portal.

EU Data Boundary

Learn about Microsoft services and the EU Data Boundary at Overview of the EU Data Boundary.

The Relevance Search report is available for Dynamics 365 Customer Service, Field Service, Marketing, Project Service Automation, and Sales.

Resources to help administrators and customizers configure Relevance Search:

Resources to help users get started with Relevance Search:

Person search report

The Person search report is available for Dynamics 365 Finance, Commerce, Human Resources, and Supply Chain Management.

Compliance Manager

Compliance Manager is a cross–Microsoft cloud services solution that is designed to help organizations meet complex compliance obligations like the GDPR. It does real-time risk assessment that reflects your compliance posture against data protection regulations when you use Microsoft cloud services. It also provides recommended actions and step-by-step guidance.

You can try Compliance Manager by visiting the Service Trust Portal and downloading it. To get started using Compliance Manager, see Microsoft Purview Compliance Manager (preview).

Compliance Manager blog posts

Compliance Manager white papers and datasheets

Compliance Manager videos


Hear from Microsoft about how we support privacy and personal data requirements, and learn how we are helping our Microsoft Dynamics 365 customers support their requirements.

Blog posts and e-books

Read more about Microsoft privacy and personal data compliance, what it means to our customers, and what it means to us as a corporation.