From the coming school year, the use of MS 365 at schools must be terminated or its data protection-compliant operation must be clearly demonstrated by the responsible schools."
This is how the SA of Baden-Württemberg starts its press release stating that M365 is not #GDPR compliant and it must be discontinued.
Thanks. Baden-Württemberg worked with MS to produce a maximally locked down version of MS365 for use in schools. But even that was problematic in that it transmitted sensitive data to very many servers in an I secure way.
MS 365 seems non-compliant to its core. I hope the UK's ICO develops the same level of diligence as Baden-Württemberg's LfDI, to protect British students.
A Mastodon instance for Luxembourg and beyond.