The announcement of The Conference of the Independent Data Protection Authorities of Germany (Datenschutzkonferenz or DSK) was unambiguous. At the end of 2022, it declared the use of Microsoft 365 incompatible with the GDPR on the basis of inadequate transparency in the way in which Microsoft processes personal data for its own purposes, and also a lack of proof of the lawfulness of this processing.
The fact that Microsoft 365 and European data protection law are not compatible is no secret. Time and again, data protection officers in individual German states have sounded the alarm and banned the use of the public cloud service, for example in schools. Now, for the first time, there is a joint statement from Germany’s top data protection authorities. This makes the penalties of violations more likely and stringent – and the continued use of Microsoft 356 more risky for companies.
“Companies do not have to expose themselves to this risk,” explains Tobias Gerlinger, CEO and Managing Director of ownCloud in Nuremberg.
“Contrary to popular belief, there are in fact full-fledged alternatives for all applications in the Microsoft suite that companies can use to provide their employees with a digital workplace that complies with data protection laws.”
Among these alternatives are numerous open source systems. They not only enable compliance with GDPR regulations but also prevent the dreaded vendor lock-in. Unlike software from Microsoft, they support open standards and do not use proprietary technologies. Companies can easily transfer their data to other systems as needed. In this way, they avoid dependence on manufacturers, and consequently keep their costs low
Such alternatives from the open source community include:
- The groupware solutions OpenXChange and Kopano
- The chat systems RocketChat and Matrix
- The video chats BigBlueButton and Jitsi
- The office applications ONLYOFFICE and Collabora
- The project management system Kanboard
- The file storage and collaboration platform ownCloud
“The IT market offers complete integrated solutions from systems like these that don’t depend on Office 365 but offer the same convenience and functionality,” Gerlinger explains. “Companies can run them in their own data centers, have them hosted by an IT service provider of their choice or, even more conveniently and easily, obtain them as software-as-a-service from the cloud of a European provider. Either way, they have GDPR compliance under their own control and can retain their digital independence.”