Re: Sitting pretty here!
They forgot to mention the last bit - Its GDPR compliant for them!
I honestly hope your joking about that.. If not, then you've just been spoon-fed the biggest load of BS.. GDPR is not about where you store the data - it's about how the data is stored, why it's stored, how it used and who has access to it. If you incorrectly configure a permission on OneDrive, then I hope you have a couple of gallons of lube, as the company will get a royal shafting.
If you think you can palm off responsibility for storage onto M$, then think again, as GDPR explicitly states primary responsibility rests with the party who stored the data, not the service providers they were using (though there is some shared responsibility here).
Don't worry, you're not the only one, at least 90% of the FTSE 100 believe they can offload reputation damage and responsibility by outsourcing!!