Understand. Protect. Manage.

Data Governance & Compliance

Protecting and governing sensitive data is the biggest concern in complying with regulations. Many businesses cannot say with confidence they can detect sensitive data loss or protect against it. More troubling is that that a lot of corporate data is not classified, protected, or governed.


Know your data

An effective Data governance and compliance strategy is a journey that starts with a business understanding what data it has, if that data contains sensitive or personal information, where it is stored, who has access to it, for how long it is stored and why.

These questions are typically not easy to answer without insights into the data and the source of storage. Before you can develop solid data governance plans for storage and usage, it's important to have a good idea of the data your organisation uses.
Talk to an expert now

BMIT – an expert partner on this journey

Deploying tools and policies is small part of the work needed to Implement a governance and compliance strategy. Most of the work starts with a deep dive into the business and its data. BMIT’s experts will help you identify all your sources of data – on-premises or in hybrid clouds – and using Microsoft’s governance capabilities create a map of your data across your business.

Once you understand where your data is, BMIT can help your team to focus on the following actions:
Data Policies

Create policies to protect that data

Data Retention

Set rules on what data should be retained or deleted

Classifying Data

Classify or label your data to make it easier to apply policies and protect data.

Data Policies

Data policies are a way of ensuring that your business's data is protected, compliant, and managed throughout its lifecycle. Data policies help control who can access your data, where your data is stored, how long your data is retained, and how your data is used.

With policies you can:
Protect your data from unauthorised access, loss, or leakage by using encryption, access control, data loss prevention (DLP), and information protection features.
Comply with legal and regulatory requirements by using retention, deletion, and preserve or remove your data as needed.
Manage your data lifecycle by using classification, labelling, and governance features to identify, organise, and monitor your data across different workloads and services.
There are 4 components that Microsoft uses when creating policies:

Sensitive information types

Common types of sensitive data, include credit card numbers, social security numbers, or health records. You can use sensitive information types to detect and protect your data in various scenarios and define policies.

Retention labels

These specify how long data should be kept or when it should be deleted.

Information protection labels

These how data should be protected or handled. You can use information protection labels to enforce encryption, access control, visual marking, or DLP policies.

Sensitivity labels

These specify your data’s business value or risk level.

Data retention

Data retention can help you comply with legal, regulatory, or business requirements, as well as reduce storage costs and risks.

Several solutions can address such a requirement, some better than others. For example, data retention in Microsoft 365 can help you to manage how long your content is stored and when it is deleted.

You can use retention policies and retention labels. Retention policies apply to entire locations or specific instances, such as mailboxes, sites, groups, or teams. Retention labels apply to individual items or folders, such as emails, documents, or chats. You can use both retention policies and retention labels together to achieve your data retention goals.

Retention policies and retention labels have common settings that let you specify how long to retain content and what to do with it after the retention period expires. You can choose to retain content for a fixed period or based on an event, such as the last modified date or the end of a contract. You can also choose to delete content automatically or review it before deletion.

data retention graphic

Classifying data

Visually marking your data is a key step in your data governance journey. Using the capabilities of Microsoft 365 and Microsoft Purview, you can use built-in or custom regular expressions or functions to identify sensitive data. This can be based on keywords, confidence levels and proximity.

Once you have identified the types of sensitive data you want to identify and have created a sensitive information type or used a template you can then use that sensitive information type as a base for policies when deploying other features such as eDiscovery, auto-labelling to protect the data.​


Planning your journey

Effective data governance takes time and resources. It is a process that goes beyond configurating settings or adding labels to your data. A lot of careful planning is required as well as testing of policies / classification on a small group of users to ensure that whatever feature or policy you apply does not stop your users from being able to work or mislabelling leads to sensitive data being unwillingly leaked or shared.

Every business needs a data governance strategy. Partnering with a trust IT advisor with governance and security experience is a wise decision, especially if your IT resources do not have the necessary skillset.

Is your business struggling to meet compliance and governance requirements? Talk to one of our experts today!
Find out more
looking for something else?

Related Services

get in touch

What sets us apart from the rest?

What distinguishes BMIT from other service providers is our ability to offer a personalised and customised service to each of our customers.

Discover how our services could transform your business’ online efficiency and security

Contact us
24/7 Technical support
24/7 Phone support
Skype support
Email support