Is Microsoft Office 365 GDPR compliant? It’s a question that has been debated for nearly two years by German data protection regulators and Microsoft. As it turns out, the answer may be surprising.
In a report published last week, the Datenschutzkonferenz (DSK), Germany’s data protection supervisory agency, essentially stated that public organisations in Germany cannot currently use Microsoft Office 365 in a lawfully compliant way under the GDPR. Shortly following this announcement, Germany banned the use of Microsoft 365 in schools.
There are three main reasons why the DSK has reported that Microsoft Office 365 “remains in breach” of GDPR:
The ambiguity of Microsoft’s practices underscores the DSK’s assessment that Microsoft Office 365 cannot meet GDPR controller obligations.
So, what should EU-based Microsoft users do now?
While not stated in law, this ruling will create ripples through the supply chain—from consumers to business partners and suppliers seeking assurance that their data is not being passed to Microsoft, or being stored or transmitted through the United States in such a way that breaches GDPR compliance.
Thus, there are two things organisations must now do as result of the ruling:
Virtru is a remarkably simple way for Microsoft users to protect access to sensitive data for compliance with GDPR.
Our end-to-end Microsoft encryption and access controls are embedded where users already work (in this case, directly within the Outlook interface), allowing sensitive data to be protected quickly and easily at the point of collection and throughout its lifecycle.
With a seamless web-based recipient experience and many deployments up and running in less than a day, organisations can act fast to protect their data, without disrupting their normal business workflows.
For the strongest data sovereignty and security, you also have the option to host your own encryption keys, which helps ensure that no third party can access your private data.
At a time when there is increasing confusion on what access Microsoft might have to your data, Virtru cuts through the noise to provide clarity and ensures that you, and only you, can always control who can access your organisation’s sensitive information.
Ready to take the next step to strengthen data sovereignty and security? Contact our team to start the conversation.