A company receives a subject rights request (SRR) from a customer under GDPR, asking for the deletion of all personal data held about them. The compliance team needs a tool to orchestrate the discovery of this data across Microsoft 365 and other systems, and to track the response and fulfillment of the request. Which Microsoft Purview solution should they use?
Microsoft Priva provides a centralized solution to handle subject rights requests, including automated data discovery across Microsoft 365 and other connected systems, and tracking the entire fulfillment process.
Why this answer
Microsoft Priva (Privacy Management) is the correct solution because it is specifically designed to help organizations manage subject rights requests (SRRs) under regulations like GDPR. It automates the discovery of personal data across Microsoft 365 and connected systems, provides a workflow to track the request lifecycle, and facilitates the fulfillment of actions such as deletion. This directly addresses the compliance team's need to orchestrate discovery and track response for an SRR.
Exam trap
The trap here is that candidates often confuse eDiscovery (which handles legal holds and litigation) with privacy management (which handles subject rights requests), but eDiscovery lacks the automated SRR workflow and privacy-specific orchestration that Priva provides.
How to eliminate wrong answers
Option A is wrong because Microsoft Purview eDiscovery is focused on legal discovery for litigation or investigations, not on managing privacy subject rights requests; it lacks the automated workflow for SRR fulfillment and tracking. Option B is wrong because Microsoft Purview Audit is a logging and monitoring tool for auditing user and admin activities, not a solution for orchestrating data discovery or responding to deletion requests. Option C is wrong because Microsoft Purview Data Lifecycle Management (retention labels) is used to apply retention and deletion policies to data based on business or regulatory requirements, not to handle the end-to-end process of a subject rights request.