Blog | Press release

How to leverage Microsoft Office and Microsoft 365 the safe way

We explain how you can use Microsoft Office and Microsoft 365 without violating data protection laws
GDPR-compliant use of Microsoft Office suite in organizations with ownCloud

When using Microsoft Office, your data is stored in the cloud. Due to the US Cloud Act and the Schrems II ruling, this is problematic in terms of data protection if your work involves handling personal data. However, companies do not necessarily have to avoid the otherwise omnipresent Office package completely. Today, we explain how you can use Microsoft Office without violating data protection laws.

No way around it: Microsoft Office is the de-facto standard

Microsoft Office has for a long time been the de-facto standard in office productivity suites and that influence has crept over into other aspects of the workplace software market. Many businesses insist on using Microsoft Office, which makes it a requisite for their business contacts. Although there are good alternatives, many organizations don’t consider switching: investments in licenses and training are made, and many fear disadvantages due to incompatibilities.

The issue: Storage in public clouds

Microsoft Office stores your data in the cloud, for instance when users share their documents via Microsoft OneDrive, SharePoint or Teams. Microsoft 365 treats data privacy considerations even more roughly and stores all documents and emails directly in the cloud. Since Microsoft is a US company, it is subject to the Cloud Act. In other words, the company is required by US law to give government agencies access to Microsoft’s users’ data upon request. While this is bad for data privacy, it now also is a tangible liability issue for European companies: The European Court of Justice has struck down the so-called “Privacy Shield” in 2020, meaning that is no longer any legal basis for transferring data to the United States.

So, do businesses now even have a chance of sticking with Microsoft Office? Yes, they have! By cleverly tweaking the Office ecosystem, documents can be prevented from being transferred to Microsoft’s cloud, avoiding both privacy breaches and liabilities towards European supervisory authorities. Businesses are advised to take the following measures in order to use Microsoft Office in way that is compliant with data privacy regulation:

  • Instead of OneDrive or SharePoint, organizations should use another solution for storing files. They should operate it as a private cloud in their own data center or with an IT service provider of their choice. So-called on-premises file sharing solutions are best suited for this.
  • With Microsoft Office Online Server, an on-premises browser version of the Office suite is available. As with the aforementioned third-party file sharing solutions, businesses can operate Microsoft Office Online Server in their own data center or with an IT service provider of their choice. Thanks to the open-standards WOPI protocol, Microsoft Office Online Server can easily be integrated with a file sharing solution of choice. As a result, users can edit Office documents with Microsoft Word, Excel or PowerPoint in their browsers without transferring them to a cloud controlled by Microsoft.
  • Microsoft Outlook can also be used risk-free by combining it with a file sharing integration. Instead of sending documents directly as an email attachment, users then simply add links to files or folders stored safely in their third-party file sharing solution. That way, documents never actually leave the company’s private cloud.
  • To share and jointly edit documents in a privacy-compliant way, some file sharing solutions can also be integrated directly with Microsoft Teams.

“Organizations can easily operate file sharing solutions such as ownCloud in-house or as a managed service with a trusted provider. With ownCloud and their Microsoft applications integrated, employees can experience the full productivity and seamless connectivity without risking unauthorized access or data protection breaches, thanks to a centralized data storage in their private cloud. It really is the best of both worlds,” says Tobias Gerlinger, CEO and Managing Director at ownCloud. “As ownCloud is open source, enterprises avoid vendor lock-ins and get full code transparency for additional peace of mind.”


July 12, 2021

Ready to see what’s next?

Having trouble viewing or submitting this form?

Contact Us

We care about protecting your data. Here’s our Privacy Policy.

Read now:

2023: The year of digitally sovereign clouds

2023: The year of digitally sovereign clouds

This year, companies are sure to rethink their cloud strategies and increasingly rely on European clouds. In doing so, they will reclaim their digital sovereignty, implement sustainable data strategies and take the issue of green IT into their own hands.

By Holger Dyroff, Co-Founder and COO, ownCloud

read more
ownCloud Infinite Scale in the Press

ownCloud Infinite Scale in the Press

Various publications have been reporting on ownCloud Infinite Scale, long before the final version was released end of 2022. Find a complete list here – some of them dive in deep in the technology at its core.

read more
2023: The year of digitally sovereign clouds

Digital life goes on even without Microsoft 365

The Conference of the Independent Data Protection Authorities of Germany (Datenschutzkonferenz or DSK) has judged that it is not possible to use Microsoft Office 365 in accordance with German and EU data protection regulations. However, this in no way implies that digital life will come to a sudden halt. Full-fledged alternatives are readily available.

read more