It has been heard that the EU has commenced an investigation into contracts Microsoft. The primary purpose of probing this institution is to assure that data is processing through compliance with GDPR. The European Data Protection Supervisor (EDPS), the regulator informed that a Data Protection Impact Assessment Report highlighted some issues in the Netherlands last November. Consequently, they were obliged to conduct this investigation with this US tech giant. As a result, the audit exhibited that, “Microsoft collects and stores personal data about the behaviour of individual employees on a large scale, without any public documentation.” The report drew everyone’s attention towards Microsoft Office Proplus.
An ultimatum has been issued by the European Data Protection Supervisor (EDPS) for such act by Microsoft. According to him, it will “increased risks to the rights and freedoms of individuals”. It can happen to any institution in the EU, which will use the same app in the audit. Furthermore, the EDPS illustrated the imminent claims which can raise a question on this well-reputed organisation. He said, “The EU institutions rely on Microsoft services and products to carry out their daily activities. This includes the processing of large amounts of personal data. Considering the nature, scope, context and purposes of this data processing, it is vitally important that appropriate contractual safeguards and risk-mitigating measures are in place to ensure compliance with the new regulation.” To clarify, the supervisor enunciated regarding the sensitivity of the issue by saying, “The EDPS investigation will, therefore, assess which the EU institutions are currently using Microsoft products and services and whether the contractual arrangements concluded between Microsoft and the EU institutions are fully compliant with data protection rules.”
A wind-up line
The regulation is all about auditing against is Regulation 2018/1725. This regulation was designed to conduct the data protection regime governing EU institutions in a sequence with the GDPR.
Microsoft is already committed to helping its client comply with both the GDPR and Regulation 2018/1725. Besides, the European Data Protection Supervisor further added a statement, “We stand ready to help our customers answer any questions the European Data Protection Supervisor (EDPS) may have”.