cross-posted from: https://lemmy.ml/post/13035348

Following its investigation, the EDPS has found that the European Commission (Commission) has infringed several key data protection rules when using Microsoft 365. In its decision, the EDPS imposes corrective measures on the Commission.

The EDPS has found that the Commission has infringed several provisions of Regulation (EU) 2018/1725, the EU’s data protection law for EU institutions, bodies, offices and agencies (EUIs), including those on transfers of personal data outside the EU/European Economic Area (EEA).

  • a4ng3l@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    8 months ago

    « Perfectly possible » but at what cost and with what compromises though ? Not specifically looking at Microsoft - the same would apply to similar products. Also a lot of the blame is on the commission itself and the lack of controls over its data - which also has nothing to do with where it’s being processed. Even if you do 100% in EU with open source software you can still fail many of the controls if you don’t track your data, have appropriate documentation to demonstrate it, did the required assessments… and those expectations are what bit them in the ass I think. And likely it will bit a lot of other actors that aren’t putting much effort in the same.

    • admiralteal@kbin.social
      link
      fedilink
      arrow-up
      0
      ·
      8 months ago

      Our of curiosity, which specific MS product is the one you see as most valuable / hardest to do without for IT security?

      I can’t imagine it’s word or excel or anything document-centric. That’s what most people think of when they think of MS Office, but in this day and age there are plenty of totally servicable alternatives. This from someone who both freely admits MS Word is the best wysiwyg editor and still refuses to use it. The sharing/collaboration stuff is pretty tight with MS Office, but my experience is that most people don’t use it and just email around attachments even though it makes more savvy people want to pull their hair out.

      I have to assume Outlook’s the big boy, right? Email & sync? And then, I assume, there’s lot of cloud services that typical end users don’t even know is there?

      • a4ng3l@lemmy.world
        link
        fedilink
        arrow-up
        0
        ·
        8 months ago

        I haven’t mentioned IT security at all have I?

        A lot of businesses (including my current employer) seem to enjoy the integrated ecosystem offered by ms from the office suite to sharepoints to mail indeed with a sprinkle of power bi and the form thingy.

        You can replicate all that but it is absolutely not trivial. And the end user also typically will find it less easy to interact with all the pieces.

      • MonkderZweite@feddit.ch
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        8 months ago

        Our of curiosity, which specific MS product is the one you see as most valuable / hardest to do without for IT security?

        I can’t imagine it’s word or excel or anything document-centric. That’s what most people think of when they think of MS Office, but in this day and age there are plenty of totally servicable alternatives.

        You’ll be surprised. Company documents are usually all made in the shitty format that only really works in MS Office.

        And of course MSO doesn’t even provide .NET components so someone could create a converter tools using MSO, you have to work around it or use Libre Office’s soffice command, which provides limited support for proprietary MSO features. Don’t tell me that’s not on purpose.