Microsoft 365 is where many organizations collaborate, share documents and store information on a daily basis. Documents reside in SharePoint and OneDrive, communication runs through Teams and email, and more and more processes run completely digitally. This also makes Microsoft 365 an important part of how organizations handle information, data and security.
That means that laws and regulations such as the AVG, NIS2 and the Archive Act are not just about policy or legal documents, but directly affect how your Microsoft 365 environment is set up. Think about access rights, retention periods, archiving and managing Teams and SharePoint sites.
In this blog, read about what NIS2, AVG and the Archive Act mean in practice for your Microsoft 365 environment and why governance and proper setup are a must.
The NIS2 Directive is European legislation that requires organizations to better organize their digital resilience and cybersecurity. It focuses primarily on key processes and sets high standards for risk management, security measures and incident reporting.
Specifically, what does this mean for your Microsoft 365 environment?
For Microsoft 365, it means that organizations need to better demonstrate how data is protected, who has access to systems and how risks are managed. In practice, this often goes wrong when access rights are set too broadly, when there is little oversight across Teams and SharePoint sites, or when security settings vary by workspace. Without clear governance, it becomes difficult to maintain control over access to information and systems.
What do you gain by setting this up properly?
A well-designed Microsoft 365 environment helps you mitigate these risks. Applying clear structure, access control and lifecycle management creates more control over data and makes it easier to meet cybersecurity and risk management requirements.
The Archive Act addresses the management, preservation and archiving of information within organizations, particularly within the government and public sector. The law requires organizations to keep information in good, orderly and accessible condition and to archive or destroy it at the appropriate time.
Specifically, what does this mean for your Microsoft 365 environment?
Within Microsoft 365, this is where challenges often arise. Documents are stored in Teams, SharePoint and OneDrive, but without clear agreements on retention periods or archiving, information often remains indefinitely. This creates a growing amount of data without a clear overview.
What do you gain by setting this up properly?
Getting retention, archiving and lifecycle management right keeps information more manageable. Automatic retention and archiving ensure that documents are retained, archived or deleted at the right time. This brings the setup of Microsoft 365 more in line with the requirements of the Archive Act.
The General Data Protection Regulation (AVG) sets rules for processing and protecting personal data. Organizations must be able to demonstrate that personal data is stored securely, accessible only to the right people and not kept longer than necessary.
Specifically, what does this mean for your Microsoft 365 environment?
In Microsoft 365, a risk often arises when documents containing personal data are shared too widely or when it is not clear who has access to certain information. Consider, for example, HR documents, contracts or customer data stored in Teams or SharePoint.
What do you gain by setting this up properly?
By properly setting up access rights, classification and retention periods, organizations can better control how personal data is stored and used. This makes it easier to comply with the AVG and reduce risks around privacy and data breaches.
The three laws each have a different focus, but ultimately touch the same parts of Microsoft 365: visibility into data, control over access rights and clear agreements about retention and archiving. Without clear governance, a Microsoft 365 environment quickly grows into a collection of separate Teams, SharePoint sites and documents, making it difficult to maintain oversight and comply with laws and regulations.
Getting governance right creates more structure and control. Consider clear rules for creating workspaces, managing access rights and applying retention periods and archiving. Solutions such as Workspace Assistant 365 can help with this by automating the creation and management of Teams and SharePoint sites, making governance and compliance a direct part of setting up the environment.
Want to know how your Microsoft 365 environment is currently doing? With our Governance & Compliance scan, we map out where possible risks are and what steps are needed to better structure your environment and make it ready for laws and regulations such as NIS2, the AVG and the Archive Act.