Microsoft 365
Cloud productivity suite with GDPR-compliant EU data processing
- Ubicación de datos
- EU + US (DPF)
- Contrato de encargo
- Sí
- Modelo de precios
- Suscripción
- Datos del art. 9
- No apto
Para quién es esta herramienta
Sectores
- SMBs wanting one integrated office stack
- Teams standardised on Teams and Outlook
- Service, legal and accounting practices
- Companies needing EU-region data processing
Microsoft 365 bundles Word, Excel, Teams, Outlook and 30+ apps into a single subscription, making it the default productivity suite for most German SMBs. For DACH businesses the key feature is the EU Data Boundary: when enabled, customer data is processed and stored within the EU, which simplifies the GDPR conversation considerably.
Microsoft includes a Data Processing Addendum (DPA) and Standard Contractual Clauses (SCCs) in its Online Services Terms, so an AV-Vertrag is available out of the box. That said, the underlying data residency is classified as EU/US, so some processing and support paths can still involve a US parent company. It fits service firms, retailers, law and accounting practices that want one well-integrated stack rather than stitching tools together.
Ventajas y desventajas
Puntos fuertes
- EU Data Boundary processes data within the EU
- DPA and SCCs included in standard terms
- Deeply integrated suite covers most office needs
- Familiar to nearly all German employees
- Granular admin and identity controls
Limitaciones
- Data residency is EU/US, not EU-only
- US parent can be involved in some processing
- No free tier for business plans
- Full compliance config requires admin effort
Su encaje con el RGPD
Buena opción para
- EU Data Boundary keeps processing in the EU
- AV-Vertrag and SCCs ready to sign
- Central identity and access governance
Con cautela / no recomendado para
- Not suited for Art. 9 health data without extra safeguards
- EU/US residency requires documenting transfer risk
Nota sobre protección de datos
EU Data Boundary option; SCCs + DPA included in Microsoft Online Services Terms.
Preguntas frecuentes
Is Microsoft 365 GDPR compliant?
It can be operated GDPR-compliantly: Microsoft provides a DPA and SCCs, and the EU Data Boundary keeps processing within the EU when enabled.
Where is Microsoft 365 data stored?
Data residency is classified EU/US. With the EU Data Boundary, data for EU business customers is processed and stored within the EU.
Does Microsoft 365 offer an AV-Vertrag?
Yes. A DPA and SCCs are included in the Microsoft Online Services Terms.
Is Microsoft 365 suitable for health data?
It is not classified as suitable for Art. 9 special-category data; additional safeguards and a dedicated assessment would be required.
Los análisis son redactados y revisados personalmente por Eduardo. Describen qué hace una herramienta y su encaje con la protección de datos, pero no constituyen asesoramiento legal.