Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.
The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).
Your assessment is all fun and games until you realizasse they don’t have another option right now than using Microsoft 365. They’ll simply pressure Microsoft into implementing a few changes to comply with the legislation and move on. Microsoft also doesn’t want their large governmental customers so they’ll do it.