There is a part of the Microsoft site you must be familiar with if you work in the privacy field.
https://docs.microsoft.com/en-us/compliance/regulatory/gdpr
The General Data Protection Regulation (GDPR) introduced new rules for organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data for EU residents no matter where you or your enterprise are located. This area of the Microsoft site helps you understand the different obligations you need to be aware of.
One of the things I find most lacking in organisations I consult for is a total lack of Data Protection Impact Assessments. There is nothing inherent in Microsoft Office 365 that would necessarily require the creation of a DPIA by a data controller using it...