EDPS finds European Commission's Microsoft 365 use initially non-compliant with GDPR. Commission rectified issues by improving data processing instructions, safeguards for international transfers, and disclosure practices. Corrective measures were mandated, and significant improvements were noted. The EDPS emphasizes the need for all organizations to review data handling practices, warning that non-compliance can still exist. Companies should scrutinize cloud service agreements, especially regarding GDPR compliance.
