Understand Microsoft 365 privacy

Risk Practitioner
Privacy Manager
Microsoft 365

Learn about Microsoft 365 privacy standards, the reasons we have them in place, and how they differentiate Microsoft in protecting and respecting customer data.

Learning objectives

Upon completion of this module, you should be able to:

  • Explain Microsoft’s six principles for protecting privacy.
  • List key privacy roles and categories of data processed by Microsoft.
  • Explain how Microsoft uses Defense-in-Depth to protect data throughout its lifecycle.
  • Describe Microsoft’s data collection practices, including privacy notices, data handling, and compliance with international data transfers.
  • List examples of how Microsoft processes data to provide online services.
  • Explain how Microsoft restricts data transfer to third parties and provides appropriate customer notification.
  • Describe Microsoft 365 data residency and retention capabilities.
  • Explain how Microsoft destroys data when a subscription expires or is terminated.
  • Describe Microsoft practices for supporting a customer’s compliance with GDPR Data Subject Requests and Data Protection Impact Assessments.