Data Compliance with Microsoft Purview: GDPR/AVG, DLP, eDiscovery & Information Security

In this training, you'll learn how to use Microsoft Purview to comply with regulations around privacy, information security, and records management. You'll discover how to identify, classify, and protect sensitive information, set retention periods, and support audits, investigations, and reporting. Through practical exercises, you'll work with labels, policies, DLP, eDiscovery, and audit logs, gaining directly applicable knowledge for your organisation. The training closely aligns with current requirements around data governance, security, and GDPR compliance.

What you'll learn

• The role of Microsoft Purview within data compliance and information security.
• Identifying and classifying sensitive data using (auto)labels and classifiers.
• Setting up retention and records management for retention periods and deletion.
• Designing Data Loss Prevention (DLP) policies to prevent data leaks.
• Working with eDiscovery and Legal Hold for investigations and legal requests.
• Using audit logs and reports for oversight, audits, and incident investigation.
• Best practices for embedding compliance in a Microsoft 365 environment.

After this course you'll be able to:

• Configure Microsoft Purview as a central solution for data compliance.
• Classify and protect sensitive information using labels and policies.
• Set up retention and deletion processes in line with GDPR and records legislation.
• Design and test DLP policies to prevent unwanted data sharing.
• Conduct eDiscovery investigations, apply Legal Hold, and export data.
• Use audit logs and reports for audits, incident analysis, and accountability.
• Establish guidelines and processes to structurally embed compliance in your organisation.

Who is this for

• Compliance officers, privacy officers, and DPOs.
• Security and risk managers responsible for security and regulatory adherence.
• Information and records managers.
• Microsoft 365 and security administrators.
• Data stewards and data owners managing sensitive information.

Prerequisites

• Basic knowledge of Microsoft 365 (SharePoint, Teams, Exchange) is recommended.
• Understanding of privacy and security concepts (e.g. GDPR, data breaches, retention periods) is helpful.
• No in-depth Azure technical knowledge required; all core concepts are explained in the training.

Programme

Part 1 – Introduction to Data Compliance & Microsoft Purview

• Legislation and regulation (GDPR, records and sector-specific legislation) in relation to Purview.

Part 2 – Classification & Labels

• Identifying sensitive information, (auto)labels, sensitivity labels, and policy rules.

Part 3 – Retention & Records Management

• Retention periods, deletion, records, and applying policies to M365 content (mail, Teams, SharePoint).

Part 4 – Data Loss Prevention (DLP)

• Designing, testing, and rolling out DLP policies; preventing data leaks and unwanted exports.

Part 5 – eDiscovery & Legal Hold

• Setting up cases, running searches, preserving content, exporting, and documentation.

Part 6 – Audit Logs & Reporting

• Activity logs, alerts, dashboards, and evidence for audits and investigations.

Part 7 – Policy, Processes & Adoption

• Roles and responsibilities, governance model, communication, and change management.

Part 8 – Best Practices & Q&A

• Real-world examples, common mistakes, and next steps for your organisation.